Missing TLS Change Cipher Spec and TLS Finished in EAP-TLS exchanges
Hi, I upgraded an internal freeradius server (Linux, Debian unstable, libssl 0.9.8) used for EAP-TLS (802.11 WPA2 access) from 2.0.5 to 2.1.3. With 2.1.3, client authentication fails in the following way (wpasupplicant on Debian unstable, working with 2.0.5): - the TLS exchange is completed from freeradius point of view. It even sends the Access-Accept message to the NAS. - from the clients point of view, the TLS exchange is not over, it expects some more data from the server which are never sent. I took two pcap traces (sent to you privately, Alan), one with 2.0.5, one with 2.1.3. It looks like the TLS Change Cipher and TLS Tinished elements of the TLS exchange are not in the EAP encapsulated TLS packets sent by the server. Compare packet #23 of 2.1.3 trace with packet #27 of 2.0.5 trace. If you use wireshark, you will notice that the SSL layer is dissected; this is because #27 has a small brother: #29. It is not sent by 2.1.3. Alan, if you have an idea or a patch, I can test it on monday. Cheers, a+
Hi, arno@natisbad.org (Arnaud Ebalard) writes:
I upgraded an internal freeradius server (Linux, Debian unstable, libssl 0.9.8) used for EAP-TLS (802.11 WPA2 access) from 2.0.5 to 2.1.3.
With 2.1.3, client authentication fails in the following way (wpasupplicant on Debian unstable, working with 2.0.5):
- the TLS exchange is completed from freeradius point of view. It even sends the Access-Accept message to the NAS. - from the clients point of view, the TLS exchange is not over, it expects some more data from the server which are never sent.
I took two pcap traces (sent to you privately, Alan), one with 2.0.5, one with 2.1.3. It looks like the TLS Change Cipher and TLS Tinished elements of the TLS exchange are not in the EAP encapsulated TLS packets sent by the server.
Compare packet #23 of 2.1.3 trace with packet #27 of 2.0.5 trace. If you use wireshark, you will notice that the SSL layer is dissected; this is because #27 has a small brother: #29. It is not sent by 2.1.3.
Alan, if you have an idea or a patch, I can test it on monday.
I wonder if my first mail slipped through or if it just that noone had time to look at it. I changed the subject to something more explicit. Cheers, a+
Hi, As explained in previous mails of the thread, FreeRadius EAP-TLS support is broken (the EAP encapsulated TLS ChangeCipherSpec and TLS Finished messages are not sent). Bisecting the issue led me here: commit b51a3a82edb797f5d0a2758bd1a38359d6f66803 Author: Alan T. DeKok <aland@freeradius.org> Date: Sun Aug 24 10:04:55 2008 +0200 Clean up debug && log messages AFAICT, the test that prevented eaptls_ack_handler() to return EAPTLS_SUCCESS *before* flushing remaining local messages (i.e. returning EAPTLS_REQUEST so that they be sent to the peer to complete the TLS handshake) was removed in that commit. The patch below is against current git tree. With Axel, we tested the fix with 2.1.3: it corrects the issue. Cheers, a+ Signed-off-by: Arnaud Ebalard <arno@natisbad.org> Tested-by: Axel Tillequin <axel.tillequin@gmail.com> --- src/modules/rlm_eap/libeap/eap_tls.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/src/modules/rlm_eap/libeap/eap_tls.c b/src/modules/rlm_eap/libeap/eap_tls.c index cd95bec..42edbed 100644 --- a/src/modules/rlm_eap/libeap/eap_tls.c +++ b/src/modules/rlm_eap/libeap/eap_tls.c @@ -330,7 +330,8 @@ static eaptls_status_t eaptls_ack_handler(EAP_HANDLER *handler) return EAPTLS_FAIL; case handshake: - if (tls_session->info.handshake_type == finished) { + if ((tls_session->info.handshake_type == finished) && + (tls_session->dirty_out.used == 0)) { RDEBUG2("ACK handshake is finished"); /* -- 1.5.6.5
Arnaud Ebalard wrote:
As explained in previous mails of the thread, FreeRadius EAP-TLS support is broken (the EAP encapsulated TLS ChangeCipherSpec and TLS Finished messages are not sent). Bisecting the issue led me here:
Hmm... git-bisect is a good tool.
commit b51a3a82edb797f5d0a2758bd1a38359d6f66803 Author: Alan T. DeKok <aland@freeradius.org> Date: Sun Aug 24 10:04:55 2008 +0200
Clean up debug && log messages
AFAICT, the test that prevented eaptls_ack_handler() to return EAPTLS_SUCCESS *before* flushing remaining local messages (i.e. returning EAPTLS_REQUEST so that they be sent to the peer to complete the TLS handshake) was removed in that commit.
Ok. There might have been a reason at the time... but it looks like a bad idea.
The patch below is against current git tree. With Axel, we tested the fix with 2.1.3: it corrects the issue.
Added, thanks. Alan DeKok
How to fix this BUG,I wonder the detail,please give me a document to learn! thanks for your help! best regards -- View this message in context: http://freeradius.1045715.n5.nabble.com/Missing-TLS-Change-Cipher-Spec-and-T... Sent from the FreeRadius - Dev mailing list archive at Nabble.com.
Hi, The BUG i meet just like Arnaud EBALARD's question "Missing TLS Change Cipher Spec and TLS Finished in EAP-TLS exchanges " i found in the maillist JAN 24,2009. I want to know how to solve it. for your reply! -- View this message in context: http://freeradius.1045715.n5.nabble.com/Missing-TLS-Change-Cipher-Spec-and-T... Sent from the FreeRadius - Dev mailing list archive at Nabble.com.
Hi, please look at the mailing list. Help! -- View this message in context: http://freeradius.1045715.n5.nabble.com/Missing-TLS-Change-Cipher-Spec-and-T... Sent from the FreeRadius - Dev mailing list archive at Nabble.com.
Hi. Why not look at the mailing list,I want to your help! Best regards -- View this message in context: http://freeradius.1045715.n5.nabble.com/Missing-TLS-Change-Cipher-Spec-and-T... Sent from the FreeRadius - Dev mailing list archive at Nabble.com.
Why not look at the mailing list,I want to your help!
Help with what? A bug that was fixed 2 years ago? Are you saying it's still broken? If so, provide evidence. Otherwise, YOU should look at the mailing list thread and you will see the patch that was submitted to fix the problem: http://freeradius.1045715.n5.nabble.com/Missing-TLS-Change-Cipher-Spec-and-T...
yuqiang wrote:
Hi, please look at the mailing list. Help!
If you insist on being rude, you can always be unsubscribed. Since you're unwilling to do anything, there is no reason for anyone to help you. Alan DeKok.
Oh,I am sorry. But the problem i meet just like the event descibed in mailinglist here. I downloaded the new version of freeradius(2.1.10) and run it on LINUX.When the certificate is expired or invalid,I found the data sent by server were missed. The log is followed. +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS TLS Length 225 [tls] Length Included [tls] eaptls_verify returned 11 [tls] <<< TLS 1.0 Handshake [length 0b8c], Certificate [tls] chain-depth=2, [tls] error=0 [tls] --> User-Name = test [tls] --> BUF-Name = ZJRoot,2.5.4.1 [tls] --> subject = /C=\x00C\x00N/ST=mYl_w\x01/L=gm]\xDE^\x02/O=mYl_w\x01ep[W\x8B\xA4\x8B\xC1N-_\xC3/CN=\x00Z\x00J\x00R\x00o\x00o\x00t [tls] --> issuer = /C=\x00C\x00N/ST=mYl_w\x01/L=gm]\xDE^\x02/O=mYl_w\x01ep[W\x8B\xA4\x8B\xC1N-_\xC3/CN=\x00Z\x00J\x00R\x00o\x00o\x00t [tls] --> verify return:1 [tls] chain-depth=1, [tls] error=0 [tls] --> User-Name = test [tls] --> BUF-Name = ZJCA,2.5.4.1 [tls] --> subject = /C=\x00C\x00N/ST=mYl_w\x01/L=gm]\xDE^\x02/O=mYl_w\x01ep[W\x8B\xA4\x8B\xC1N-_\xC3/CN=\x00Z\x00J\x00C\x00A [tls] --> issuer = /C=\x00C\x00N/ST=mYl_w\x01/L=gm]\xDE^\x02/O=mYl_w\x01ep[W\x8B\xA4\x8B\xC1N-_\xC3/CN=\x00Z\x00J\x00R\x00o\x00o\x00t [tls] --> verify return:1 --> verify error:num=10:certificate has expired [tls] >>> TLS 1.0 Alert [length 0002], fatal certificate_expired TLS Alert write:fatal:certificate expired TLS_accept: error in SSLv3 read client certificate B rlm_eap: SSL error error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned SSL: SSL_read failed in a system call (-1), TLS session fails. TLS receive handshake failed during operation [tls] eaptls_process returned 4 [eap] Handler failed in EAP/tls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject t he event is not conform to the RFC5216 as the italic text: Authenticating Peer Authenticator ------------------- ------------- <- EAP-Request/ Identity EAP-Response/ Identity (MyID) -> <- EAP-Request/ EAP-Type=EAP-TLS (TLS Start) EAP-Response/ EAP-Type=EAP-TLS (TLS client_hello)-> <- EAP-Request/ EAP-Type=EAP-TLS (TLS server_hello, TLS certificate, [TLS server_key_exchange,] TLS certificate_request, TLS server_hello_done) EAP-Response/ EAP-Type=EAP-TLS (TLS certificate, TLS client_key_exchange, TLS certificate_verify, TLS change_cipher_spec, TLS finished) -> /<- EAP-Request/ EAP-Type=EAP-TLS (TLS change_cipher_spec, TLS finished)/ EAP-Response/ EAP-Type=EAP-TLS -> <- EAP-Request EAP-Type=EAP-TLS (TLS Alert message) EAP-Response/ EAP-Type=EAP-TLS -> <- EAP-Failure (User Disconnected) -- View this message in context: http://freeradius.1045715.n5.nabble.com/Missing-TLS-Change-Cipher-Spec-and-T... Sent from the FreeRadius - Dev mailing list archive at Nabble.com.
On 07/08/2011 11:30 AM, yuqiang wrote: [unreadable html garbage] Please fix your mail client, the html mime part was not formatted correctly resulting in no line breaks making it unreadable. Better yet, don't send html. -- John Dennis <jdennis@redhat.com> Looking to carve out IT costs? www.redhat.com/carveoutcosts/
Hi,my freinds I should sum up my problems as followed.According to RFC 5216 strictly(Fig 1),when the server verified a certificate valid,it should return a packet with (TLS change_cipher_spec, TLS finished),and the client is waiting for the packet then return (EAP-Response).But please see the log(Fig 2),the server return (TLS Alert message) packet directly lacking the up step.So i think the freeradius is not as required by the specifications,is that right? Best regards Fig 1 RFC 5216 Section 2.1 Authenticating Peer Authenticator ------------------- ------------- <- EAP-Request/ Identity EAP-Response/ Identity (MyID) -> <- EAP-Request/ EAP-Type=EAP-TLS (TLS Start) EAP-Response/ EAP-Type=EAP-TLS (TLS client_hello)-> <- EAP-Request/ EAP-Type=EAP-TLS (TLS server_hello, TLS certificate, [TLS server_key_exchange,] TLS certificate_request, TLS server_hello_done) EAP-Response/ EAP-Type=EAP-TLS (TLS certificate, TLS client_key_exchange, TLS certificate_verify, TLS change_cipher_spec, TLS finished) -> <- EAP-Request/ EAP-Type=EAP-TLS (TLS change_cipher_spec, TLS finished) EAP-Response/ EAP-Type=EAP-TLS -> <- EAP-Request EAP-Type=EAP-TLS (TLS Alert message) EAP-Response/ EAP-Type=EAP-TLS -> <- EAP-Failure (User Disconnected) Fig 2 2011-07-09 yuqiang1973 发件人: Alan DeKok-2 [via FreeRadius] 发送时间: 2011-07-09 00:21:07 收件人: yuqiang 抄送: 主题: Re: Missing SSL Change Cipher Spec in EAP-TLS withClientCertificate verify failed Phil Mayers wrote:
EAP-TLS in FreeRADIUS WORKS. Stop posting nonsense about RFC compliance.
If the certificate verification fails, then the server is *supposed* to stop the EAP-TLS conversation.
FreeRADIUS just uses OpenSSL. OpenSSL works. OpenSSL is compliant with the standards.
There is nothing wrong with FreeRADIUS or OpenSSL.
Everything is working as expected, and as required by the specifications. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/Missing-SSL-Change-Cipher-Spec-in-EA... To unsubscribe from Missing SSL Change Cipher Spec in EAP-TLS with Client Certificate verify failed, click here. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Missing-TLS-Change-Cipher-Spec-and-T... Sent from the FreeRadius - Dev mailing list archive at Nabble.com.
yuqiang wrote:
I should sum up my problems as followed.According to RFC 5216 strictly(Fig 1),when the server verified a certificate valid,it should return a packet with * (TLS change_cipher_spec, TLS finished),**and the client is waiting for the packet then return (EAP-Response).But please see the log(Fig 2),the server return *(TLS Alert message) packet directly lacking the up step.So i think the freeradius is not as required by the specifications,is that right?
You have a number of problems: 1) FreeRADIUS doesn't implement SSL. That's done by OpenSSL 2) OpenSSL questions belong on the OpenSSL list not here 3) repeatedly posting the same message is ignorant and rude 4) repeatedly ignoring the responses on this list is ignorant and rude 5) this is your last warning If you keep posting nonsense, you will be unsubscribed and banned. Alan DeKok.
Hi, The BUG i meet just like your question "Missing TLS Change Cipher Spec and TLS Finished in EAP-TLS exchanges " i found in the maillist JAN 24,2009. I want to know how to solve it. for your reply! -- View this message in context: http://freeradius.1045715.n5.nabble.com/Missing-TLS-Change-Cipher-Spec-and-T... Sent from the FreeRadius - Dev mailing list archive at Nabble.com.
participants (5)
-
Alan DeKok -
arno@natisbad.org -
Garber, Neal -
John Dennis -
yuqiang