Hello! Thanks for the answer. Looks like OpenSSL 1.0.2g is the release packaged with Ubuntu 16.04LTS. So to reach this issue *free* system I would have to compile everything myself. Best regards, Olaf Dreyer On Freitag, 17. März 2017 12:02:30 CET Wegener, Norbert wrote:
We had severe issues with 3.0.12. These issues were nearly to 100% caused by openssl (1.0.2.j) Switching to openssl 1.1.0e and to fr3.0.13 brought us to an issue *free* system.
Norbert Wegener
-----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+norbert.wegener=atos.net@lists.freeradius.o rg] On Behalf Of Olaf Dreyer Sent: Friday, March 17, 2017 12:30 PM To: FreeRadius users mailing list Subject: FreeRadius 3.0.12 crash on ubuntu
Hi!
I am running FreeRadius 3.0.12 on Ubuntu 14.04.5 LTS with
freeradius 3.0.12-ppa1~trusty libssl1.0.0:amd64 1.0.1f-1ubuntu2.22
The Radius server is used mainly as AAA server for a bunch of Cisco WLCs with a few hundred Cisco WLAN APs behind. We are doing EAP-TLS, the devices only have to present their certificates. Additionally it is used for authentication of admin users on Cisco devices, here we use the ntlm_auth module. But i think this is not relevant.
The server crashes now quite frequently, the error always looks like this:
Mar 16 22:44:03 server kernel: [2614480.407628] freeradius[13294]: segfault at 44 ip 00007f21f1317f55 sp 00007f21e4ae5828 error 4 in libssl.so.1.0.0[7f21f12dc000+55000]
So, this looks like the crash was related to libssl. in general EAP-TLS works fine, several thousand authentications per day, but then freeradius crashes with the above error. Might be some certificate which openssl 1.0.1f does not understand? Maybe this is a TLSv1.2 certificate? Or should this be already fixed?
Regards, Olaf
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html