I’ve seen a strange one… I’ve created the test certs, etc, that enable the EAP configuration to work. Running radiusd -X, one sees (in relevant part): # Linked to sub-module rlm_eap_tls tls { tls = "tls-common" } tls-config tls-common { verify_depth = 0 ca_path = "/opt/local/etc/raddb/certs" pem_file_type = yes private_key_file = "/opt/local/etc/raddb/certs/server.pem" certificate_file = "/opt/local/etc/raddb/certs/server.pem" ca_file = "/opt/local/etc/raddb/certs/ca.pem" private_key_password = <<< secret >>> dh_file = "/opt/local/etc/raddb/certs/dh" fragment_size = 1024 include_length = yes auto_chain = yes check_crl = no check_all_crl = no cipher_list = "DEFAULT" cipher_server_preference = no ecdh_curve = "prime256v1" tls_max_version = "" tls_min_version = "1.0" cache { enable = no lifetime = 24 max_entries = 255 } verify { skip_if_ocsp_ok = no } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } […] However, if I try to start radiusd as normal (not via -X), I end up with this behavior in the logs: Fri Dec 20 20:46:38 2019 : Error: tls: Failed reading certificate file "/opt/local/etc/raddb/certs/server.pem": error:0906D06C:PEM routines:PEM_read_bio:no start line Fri Dec 20 20:46:38 2019 : Error: rlm_eap_tls: Failed initializing SSL context Fri Dec 20 20:46:38 2019 : Error: rlm_eap (EAP): Failed to initialise rlm_eap_tls Fri Dec 20 20:46:38 2019 : Error: /opt/local/etc/raddb/mods-enabled/eap[14]: Instantiation failed for module “eap" Clearly, I can disable EAP (as I don’t use it at the moment) and get things working; however, I’m trying to disable as little of the default configs as possible. Is there something different in the code path when debugging is enabled vs not that is making OpenSSL libraries do something weird? -- Coy Hile coy.hile@coyhile.com