<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2963" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=672372914-25102006><FONT face=Arial size=2>I'm still struggling
with my server throwing </FONT></SPAN></DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial size=2>Error: TLS Alert
write:fatal:bad record mac<BR>Error: TLS_accept:error in
SSLv3 read certificate verify A<BR>Error: rlm_eap: SSL error error:1408F455:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac<BR>Error:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session
fails.</FONT></SPAN></DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial
size=2>errors.</FONT></SPAN></DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial size=2>So I've
downgraded to 1.0.4, since that is the latest version that we have in
production right now.</FONT></SPAN></DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial size=2>This box had 1.1.3
installed (as a redhat package)</FONT></SPAN></DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial size=2>I removed that,
and and compiled 1.0.4 from source and installed it. (since I couldn't
get 1.0.4 to build as a package)</FONT></SPAN></DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial size=2>Two things I've
noticed..</FONT></SPAN></DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial size=2>1. The server
is printing out this in the radius.log</FONT></SPAN></DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial size=2>Wed Oct 18 17:35:53
2006 : Error: TLS_accept:error in SSLv3 read client
certificate A<BR>Wed Oct 18 17:35:53 2006 : Error: rlm_eap: SSL error
error:00000000:lib(0):func(0):reason(0)<BR>Wed Oct 18 17:35:53 2006 : Error:
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)<BR>Wed Oct 18
17:35:53 2006 : Info: rlm_eap_mschapv2: Issuing Challenge<BR>Wed Oct 18 17:35:53
2006 : Auth: Login OK: [m2murray] (from client localhost port 0)<BR>Wed Oct 18
17:35:53 2006 : Auth: Login OK: [m2murray] (from client BUWiSM-1-1 port 29 cli
00-13-CE-14-B7-05)<BR></FONT></SPAN></DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial size=2>I thought the errors
(SSL error error:00000000:lib(0):func(0):reason(0)) only started printing in
version 1.1.3 (It was something to do with sending it to the log instead
of stdout)</FONT></SPAN></DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial size=2>2. The server
died with the "bad record mac" error, which has only happened to me in the 1.1.3
and the 1.1.2 versions. </FONT></SPAN></DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial size=2>I've done a search,
and the only binary I have on my machine states that it is version 1.0.4
</FONT></SPAN></DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial size=2>So my question
is:</FONT></SPAN></DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial size=2>did the increased
SSL logging come from FreeRADIUS, or from somewhere else, and could it be
related to the "bad record mac"?</FONT></SPAN></DIV>
<DIV><SPAN class=672372914-25102006><FONT face=Arial size=2> </DIV>
<DIV><BR></DIV></FONT></SPAN></BODY></HTML>