Fwd: Upgraded freeradius to 2.1.12 with openssl 0.9.8n - Error: No SSL info available. Waiting for more SSL data.
Hi, I upgraded freeradius version from 2.0.2 to 2.1.12 and also the openssl version from 0.9.7 to 0.9.8n. The issue I am facing now is with peap mschapv2 windows client not able to authenticate with my radius server. The error is [peap] No SSL info available. Waiting for more SSL data. I added few more logs and I could see the callback function cbtls_msg returning due to the arg (state) being NULL in freeradius-server-2.1.12/src/modules/rlm_eap/libeap/cb.c void cbtls_msg /* * Work around bug #298, where we may be called with a NULL * argument. We should really log a serious error */ if (!arg) return; Not sure what the bug298 is all about and also what could be the possible reason for the arg (state) to be NULL? Regards, Winson
Winson Fernandes wrote:
I upgraded freeradius version from 2.0.2 to 2.1.12 and also the openssl version from 0.9.7 to 0.9.8n. The issue I am facing now is with peap mschapv2 windows client not able to authenticate with my radius server.
Well... other people have it working. OpenSSL is weird.
The error is [peap] No SSL info available. Waiting for more SSL data.
That means that the server expects the client to send more data, and the client expects the server to send more data. Since the client is in charge here, nothing more happens.
Not sure what the bug298 is all about and also what could be the possible reason for the arg (state) to be NULL?
No idea. OpenSSL is weird. Alan DeKok.
Hi Alan, We added more logs into openssl and found out why the “state->info.initialized” did not get set and the callback had arg as NULL. This was because the value SSL_CTRL_SET_MSG_CALLBACK_ARG passed by freeradius SSL_set_msg_callback_arg -> Set_msg_callback_arg was 14 (due to wrong header file). The value should have been 16 as per the upgraded openssl-0.9.8n/ssl/ssl.h. The radiusd was using the montavista build environment's openssl header file which is 0.9.7 (which comes bundled with montavista tool chain). Will either upgrade the openssl tool chain or make necessary changes in the Makefile. Thanks, Winson On Sun, Apr 8, 2012 at 3:43 PM, Alan DeKok <aland@deployingradius.com>wrote:
Winson Fernandes wrote:
I upgraded freeradius version from 2.0.2 to 2.1.12 and also the openssl version from 0.9.7 to 0.9.8n. The issue I am facing now is with peap mschapv2 windows client not able to authenticate with my radius server.
Well... other people have it working. OpenSSL is weird.
The error is [peap] No SSL info available. Waiting for more SSL data.
That means that the server expects the client to send more data, and the client expects the server to send more data. Since the client is in charge here, nothing more happens.
Not sure what the bug298 is all about and also what could be the possible reason for the arg (state) to be NULL?
No idea. OpenSSL is weird.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Winson Fernandes wrote:
This was because the value SSL_CTRL_SET_MSG_CALLBACK_ARG passed by freeradius SSL_set_msg_callback_arg -> Set_msg_callback_arg was 14 (due to wrong header file). The value should have been 16 as per the upgraded openssl-0.9.8n/ssl/ssl.h.
Ah, that makes sense. It's nearly always a bad idea to have two copies of OpenSSL installed. Alan DeKok.
participants (2)
-
Alan DeKok -
Winson Fernandes