Alan DeKok <aland@deployingradius.com> writes:
On Jun 28, 2022, at 9:04 AM, Kamil Jońca <kjonca@op.pl> wrote:
3.0.25 https://drive.google.com/file/d/1uswz1jQRyAE_J7b9tu8Hrf4HmZqkT0NW/view?usp=s... 3.2 https://drive.google.com/file/d/15ONVo-KrM0Mq6Jrwu0PlKBDFMKTBpDgX/view?usp=s...
From a quick look, with 3.0.25, the client sends a bunch of information after the TLS session has been established. This is the initial "inner EAP" data.
For 3.2.0, the client sends nothing after the TLS session has been established. For FreeRADIUS sends an ACK "please send more data", and the client sends an ACK "no, you send more data". And then that process repeats.
I suspect that whatever is going wrong is likely in the TLS layer. Are you running both 3.0.25 and 3.2.0 on the same machine, with the same OpenSSL libraries, etc? Or are they on different machines?
You probably right. Although I only changed freeradius binaries, I have installed multiple different versions of openssl and: 3.0.25 sudo ldd /usr/sbin/freeradius [...] libcrypto.so.1.1 => /lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f63e4e00000) libssl.so.1.1 => /lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007f63e51d7000) [...] 3.2 sudo ldd /usr/sbin/freeradius [...] libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f749c200000) libssl.so.3 => /lib/x86_64-linux-gnu/libssl.so.3 (0x00007f749c155000) [...] So probably ssl3 hadles this differently (And probably I have no chance to debug it due to lack of knowledge :( ) KJ -- http://wolnelektury.pl/wesprzyj/teraz/