On 17 Mar 2016, at 23:03, Franks Andy (IT Technical Architecture Manager) <Andy.Franks@sath.nhs.uk> wrote:
Hmm, this thread got me interested - we were running 3.1.0 # 390f216 (around april 2015 I think) up until recently and it was fine with PEAP-EAP-MSCHAPv2/TLS, not that we used it much, but I did test it. Now with our last git pull (64aa7f9) it doesn't work, same message about EAP not finishing. It also behaves the same with PEAP-EAP-TLS. Hopefully that helps a bit, but I understand it's quite a wide time-span.
eap: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! eap: !! EAP session 0x17ac0b0 did not finish! !! eap: !! See http://wiki.freeradius.org/guide/Certificate_Compatibility !! eap: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thanks Andy
-----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk@lists.freeradius.org] On Behalf Of Arran Cudbard-Bell Sent: 16 March 2016 18:38 To: FreeRadius users mailing list Subject: Re: Certificate problem between 3.0.11 and 3.1.x
On 16 Mar 2016, at 16:44, Alan DeKok <aland@deployingradius.com> wrote:
On Mar 16, 2016, at 10:23 AM, Jonathan Gazeley <Jonathan.Gazeley@bristol.ac.uk> wrote:
Well, I wasn't able to get any useful debugging information out of Windows so we have reluctantly taken the decision to revert from bleeding-edge 3.1.x to stable 3.0.11 and work around the problem we were having by avoiding it. We'll revisit this when 3.2.x is released.
If you have time... it would help to know when 3.1 stopped working. You could grab a copy of 3.1 from early 2015, and see if it works. If so, do a binary search on the commits until you get one which works, and one shortly after that which doesn't.
That would at least help us narrow down what changed. And would likely allow us to fix the problem.
Alan Buxey and myself have spent some time and believe we have tracked down the commit which broke EAP: commit 8a7f6e330f45439d333f61dde7ee0982ebcc2a29 Author: Arran Cudbard-Bell <a.cudbardb@freeradius.org> Date: Sun Dec 6 00:34:21 2015 -0500 Add additional debugging so we can track TLS fragments sent :100644 100644 084fb69... aa50e65... M src/modules/rlm_eap/libeap/eap_tls.c :100644 100644 a9ce517... 800fc77... M src/modules/rlm_eap/libeap/eap_tls.h :100644 100644 cb0a560... 8d64335... M src/modules/rlm_eap/libeap/eapcommon.c :100644 100644 b418f31... 87fd937... M src/modules/rlm_eap/rlm_eap.c :100644 100644 becfa6c... 504ed01... M src/modules/rlm_eap/types/rlm_eap_peap/peap.c :100644 100644 887d0d1... 5958f0d... M src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c works immediately before this commit, doesn’t work after. Regards Scott Armitage