<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style>
<!--
@font-face
{font-family:"Cambria Math"}
@font-face
{font-family:Calibri}
@font-face
{font-family:Consolas}
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif"}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{margin:0cm;
margin-bottom:.0001pt;
font-size:10.5pt;
font-family:Consolas}
span.PlainTextChar
{font-family:Consolas}
.MsoChpDefault
{}
@page WordSection1
{margin:72.0pt 72.0pt 72.0pt 72.0pt}
div.WordSection1
{}
-->
</style>
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoPlainText">Alan,</p>
<p class="MsoPlainText"> </p>
<p class="MsoPlainText">We have tried with patch provided.</p>
<p class="MsoPlainText">Here is the Debug log form old (master 2.2.0) and new (latest 2.x.x branch 18/2/2013)</p>
<p class="MsoPlainText"> </p>
<p class="MsoPlainText">Old one: Here the tls state machine goes from Access-Request to Access-Challenge and then to Access-Accepted
</p>
<p class="MsoPlainText">And New one: Here the tls state machine goes from Access-Request to Access-Rejected and then ends with segmentation fault</p>
<p class="MsoPlainText"> </p>
<p class="MsoPlainText">Note: configuration of Client and Switch remains the same in both cases.</p>
<p class="MsoPlainText"> </p>
<p class="MsoPlainText">What could have gone wrong??</p>
<p class="MsoPlainText"> </p>
<p class="MsoPlainText">///////////////////////////////</p>
<p class="MsoPlainText"><b>Old one:</b></p>
<p class="MsoPlainText">rad_recv: Access-Request packet from host 10.0.1.10 port 1645, id=3, length=1020</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: Found Auth-Type = EAP</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: # Executing group from file /usr/local/etc/raddb/sites-enabled/default</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: +- entering group authenticate {...}</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [eap] Request found, released from the list</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [eap] EAP/tls</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [eap] processing type tls</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] Authenticate</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] processing EAP-TLS</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] eaptls_verify returned 7
</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] Done initial handshake</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] <<< TLS 1.0 Handshake [length 05f6], Certificate
</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] chain-depth=1, </p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] error=0</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] --> User-Name = testuser-2@vitesse.com</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] --> BUF-Name = MACsec Test CA</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] --> subject = /C=FI/O=SafeNet, Inc./CN=MACsec Test CA</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] --> issuer = /C=FI/O=SafeNet, Inc./CN=MACsec Test CA</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] --> verify return:1</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] chain-depth=0, </p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] error=0</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] --> User-Name = testuser-2@vitesse.com</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] --> BUF-Name = test user 2</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] --> verify return:1</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] TLS_accept: SSLv3 read client certificate A</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] TLS_accept: SSLv3 read client key exchange A</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] <<< TLS 1.0 Handshake [length 0086], CertificateVerify
</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] TLS_accept: SSLv3 read certificate verify A</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] <<< TLS 1.0 Handshake [length 0010], Finished
</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] TLS_accept: SSLv3 read finished A</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] TLS_accept: SSLv3 write change cipher spec A</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] >>> TLS 1.0 Handshake [length 0010], Finished
</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] TLS_accept: SSLv3 write finished A</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] TLS_accept: SSLv3 flush data</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] (other): SSL negotiation finished successfully</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Debug: SSL Connection Established
</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] eaptls_process returned 13
</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: ++[eap] returns handled</p>
<p class="MsoPlainText">Sending <b>Access-Challenge</b> of id 3 to 10.0.1.10 port 1645</p>
<p class="MsoPlainText"> EAP-Message = 0x010c00350d800000002b1403010001011603010020f2847b79b15d316feb376cd0294bffca228fb31bcdfd4e3ac450b4b3148c0eda</p>
<p class="MsoPlainText"> Message-Authenticator = 0x00000000000000000000000000000000</p>
<p class="MsoPlainText"> State = 0x1bc2fd5d1fcef0fc7198dd89ed915160</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: Finished request 4.</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Debug: Going to the next request</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Debug: Waking up in 4.8 seconds.</p>
<p class="MsoPlainText">rad_recv: <b>Access-Request</b> packet from host 10.0.1.10 port 1645, id=4, length=191</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: +- entering group authorize {...}</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: ++[preprocess] returns ok</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: ++[chap] returns noop</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: ++[mschap] returns noop</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: ++[digest] returns noop</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [suffix] Looking up realm "vitesse.com" for User-Name = "testuser-2@vitesse.com"</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [suffix] No such realm "vitesse.com"</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: ++[suffix] returns noop</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [eap] EAP packet type response id 12 length 6</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: ++[eap] returns updated</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: ++[files] returns noop</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: ++[expiration] returns noop</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: ++[logintime] returns noop</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: ++[pap] returns noop</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: Found Auth-Type = EAP</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: # Executing group from file /usr/local/etc/raddb/sites-enabled/default</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: +- entering group authenticate {...}</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [eap] Request found, released from the list</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [eap] EAP/tls</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [eap] processing type tls</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] Authenticate</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] processing EAP-TLS</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] Received TLS ACK</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] ACK handshake is finished</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] eaptls_verify returned 3
</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] eaptls_process returned 3
</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [tls] Adding user data to cached session</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: [eap] Freeing handler</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: ++[eap] returns ok</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: +- entering group post-auth {...}</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: ++[exec] returns noop</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: expand: %{reply:EAP-Session-Id} ->
</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: ++[reply] returns noop</p>
<p class="MsoPlainText">Sending <b>Access-Accept</b> of id 4 to 10.0.1.10 port 1645</p>
<p class="MsoPlainText"> MS-MPPE-Recv-Key = 0xabfde3ba0cc6ec4bf616ec5c094607c9ba1c4b9936ff5145b50f35e19f15423f</p>
<p class="MsoPlainText"> MS-MPPE-Send-Key = 0x1855579adb2ba678eef70b24a449df8f8a8d9ac120b2a82fbe44371aa6f976e6</p>
<p class="MsoPlainText"> EAP-Message = 0x030c0004</p>
<p class="MsoPlainText"> Message-Authenticator = 0x00000000000000000000000000000000</p>
<p class="MsoPlainText"> User-Name = "testuser-2@vitesse.com"</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Info: Finished request 5.</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Debug: Going to the next request</p>
<p class="MsoPlainText">Sat Aug 18 03:04:46 2012 : Debug: Waking up in 4.8 seconds</p>
<p class="MsoPlainText"> </p>
<p class="MsoPlainText">///////////////////////////////</p>
<p class="MsoPlainText"><b>And New one: Here the tls state machine goes from Access-Request to Access-Rejected and then segmentation fault<span style="color:black"></span></b></p>
<p class="MsoPlainText"><span style="color:black"> </span></p>
<p class="MsoPlainText"><span style="color:black">rad_recv: <b>Access-Request</b> packet from host 10.0.1.10 port 1645, id=147, length=205</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: +- entering group authorize {...}</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: ++[preprocess] returns ok</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: ++[chap] returns noop</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: ++[mschap] returns noop</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: ++[digest] returns noop</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: [suffix] Looking up realm "vitesse.com" for User-Name = "testuser-2@vitesse.com"</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: [suffix] No such realm "vitesse.com"</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: ++[suffix] returns noop</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: [eap] EAP packet type response id 1 length 38</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: ++[eap] returns updated</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: ++[files] returns noop</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: ++[expiration] returns noop</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: ++[logintime] returns noop</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: ++[pap] returns noop</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: Found Auth-Type = EAP</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: # Executing group from file /usr/local/etc/raddb/sites-enabled/default</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: +- entering group authenticate {...}</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: [eap] EAP Identity</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: [eap] processing type tls</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: [tls] Requiring client certificate</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: [tls] Initiate</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: [tls] Start returned 1</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: ++[eap] returns handled</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: Failed to authenticate the user.</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: Using Post-Auth-Type REJECT</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: # Executing group from file /usr/local/etc/raddb/sites-enabled/default</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: +- entering group REJECT {...}</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: [attr_filter.access_reject] expand: %{User-Name} -> testuser-2@vitesse.com</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Debug: attr_filter: Matched entry DEFAULT at line 11</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: ++[attr_filter.access_reject] returns updated</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Info: Delaying reject of request 0 for 1 seconds</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Debug: Going to the next request</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:32 2012 : Debug: Waking up in 0.9 seconds.</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:33 2012 : Info: Sending delayed reject for request 0</span></p>
<p class="MsoPlainText"><b><span style="color:black"> </span></b></p>
<p class="MsoPlainText"><span style="color:black">Sending<b> Access-Reject </b>of id 147 to 10.0.1.10 port 1645</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:33 2012 : Debug: Waking up in 0.3 seconds.</span></p>
<p class="MsoPlainText"><span style="color:black">Sat Aug 18 02:44:33 2012 : Info: Sending delayed reject for request 1</span></p>
<p class="MsoPlainText"><span style="color:black">Sending <b>Access-Reject</b> of id 148 to 10.0.1.10 port 1645</span></p>
<p class="MsoPlainText"><span style="color:black">
</span></p>
<p class="MsoPlainText"><span style="color:black">Thanks,</span></p>
<p class="MsoPlainText"><span style="color:black">Srinivas B</span></p>
</div>
<p class="MsoNormal" style="margin-left:.5in"><i><span style="font-size:10.0pt; color:black">CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged
information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.</span></i></p>
</body>
</html>