Migrating to a new server from 2.x to 3.0.4 CentOS 7
Hi, I have migrated my root CA and free radius configs from FreeRadius 2.x to 3.0.4 on CentOS7. I’m receiving the following messages when attempting to authenticate the client with EAP/TLS. PEAP/MSCHPv2 works perfect. I have tried to recreate the ROOT CA and Client cert but that produces the same error message. I’m not sure where to go from here. (6) eap_tls : <<< TLS 1.0 Handshake [length 03d4], Certificate --> verify error:num=20:unable to get local issuer certificate (6) ERROR: eap_tls : SSL says error 20 : unable to get local issuer certificate (6) eap_tls : >>> TLS 1.0 Alert [length 0002], fatal unknown_ca (6) ERROR: eap_tls : TLS Alert write:fatal:unknown CA tls: TLS_accept: Error in SSLv3 read client certificate B (6) ERROR: eap_tls : SSL says: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned SSL: SSL_read failed in a system call (-1), TLS session fails. TLS receive handshake failed during operation (6) eap_tls : eaptls_process returned 4 (6) ERROR: eap : Failed continuing EAP TLS (13) session. EAP sub-module failed (6) eap : Failed in EAP select (6) [eap] = invalid (6) } # authenticate = invalid
Please, try the 3.0.8 or build from the HEAD -- Jorge Pereira On Wed, Jul 1, 2015 at 5:58 PM, Kris Armstrong <kris.armstrong@me.com> wrote:
Hi,
I have migrated my root CA and free radius configs from FreeRadius 2.x to 3.0.4 on CentOS7. I’m receiving the following messages when attempting to authenticate the client with EAP/TLS. PEAP/MSCHPv2 works perfect.
I have tried to recreate the ROOT CA and Client cert but that produces the same error message. I’m not sure where to go from here.
(6) eap_tls : <<< TLS 1.0 Handshake [length 03d4], Certificate --> verify error:num=20:unable to get local issuer certificate (6) ERROR: eap_tls : SSL says error 20 : unable to get local issuer certificate (6) eap_tls : >>> TLS 1.0 Alert [length 0002], fatal unknown_ca (6) ERROR: eap_tls : TLS Alert write:fatal:unknown CA tls: TLS_accept: Error in SSLv3 read client certificate B (6) ERROR: eap_tls : SSL says: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned SSL: SSL_read failed in a system call (-1), TLS session fails. TLS receive handshake failed during operation (6) eap_tls : eaptls_process returned 4 (6) ERROR: eap : Failed continuing EAP TLS (13) session. EAP sub-module failed (6) eap : Failed in EAP select (6) [eap] = invalid (6) } # authenticate = invalid - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Jorge, I attempted to upgrade to V3.0.8 however i’m getting this message checking for DH_new in -lcrypto... no checking for DH_new in -lcrypto in /usr/local/lib... no checking for DH_new in -lcrypto in /opt/lib... no configure: error: in `/home/freeradius-server-3.0.8': configure: error: failed linking to libcrypto. Use --with-openssl-lib-dir=<path>, or --with-openssl=no (builds without OpenSSL) See `config.log' for more details Checking the user/lib64 I have [root@freeradius lib64]# pwd /usr/lib64 [root@freeradius lib64]# ls libcry* libcrypt-2.17.so libcrypto.so.10 libcrypto.so.1.0.1e libcryptsetup.so.4 libcryptsetup.so.4.6.0 libcrypt.so libcrypt.so.1 [root@freeradius lib64]# So I tried [root@freeradius freeradius-server-3.0.8]# ./configure --with-openssl-lib-dir=/usr/lib64 And I got these results checking for DH_new in -lcrypto in /usr/lib64... no checking for DH_new in -lcrypto... no checking for DH_new in -lcrypto in /usr/local/lib... no checking for DH_new in -lcrypto in /opt/lib... no configure: error: in `/home/freeradius-server-3.0.8': configure: error: failed linking to libcrypto. Use --with-openssl-lib-dir=<path>, or --with-openssl=no (builds without OpenSSL) See `config.log' for more details Perhaps i’m misunderstanding the error message > On Jul 1, 2015, at 3:12 PM, Jorge Pereira <jpereiran@gmail.com> wrote: > > Please, > > try the 3.0.8 or build from the HEAD > > -- > Jorge Pereira > > On Wed, Jul 1, 2015 at 5:58 PM, Kris Armstrong <kris.armstrong@me.com> > wrote: > >> Hi, >> >> I have migrated my root CA and free radius configs from FreeRadius 2.x to >> 3.0.4 on CentOS7. I’m receiving the following messages when attempting to >> authenticate the client with EAP/TLS. PEAP/MSCHPv2 works perfect. >> >> I have tried to recreate the ROOT CA and Client cert but that produces the >> same error message. I’m not sure where to go from here. >> >> (6) eap_tls : <<< TLS 1.0 Handshake [length 03d4], Certificate >> --> verify error:num=20:unable to get local issuer certificate >> (6) ERROR: eap_tls : SSL says error 20 : unable to get local issuer >> certificate >> (6) eap_tls : >>> TLS 1.0 Alert [length 0002], fatal unknown_ca >> (6) ERROR: eap_tls : TLS Alert write:fatal:unknown CA >> tls: TLS_accept: Error in SSLv3 read client certificate B >> (6) ERROR: eap_tls : SSL says: error:140890B2:SSL >> routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned >> SSL: SSL_read failed in a system call (-1), TLS session fails. >> TLS receive handshake failed during operation >> (6) eap_tls : eaptls_process returned 4 >> (6) ERROR: eap : Failed continuing EAP TLS (13) session. EAP sub-module >> failed >> (6) eap : Failed in EAP select >> (6) [eap] = invalid >> (6) } # authenticate = invalid >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Jul 1, 2015, at 4:58 PM, Kris Armstrong <kris.armstrong@me.com> wrote:
Hi,
I have migrated my root CA and free radius configs from FreeRadius 2.x to 3.0.4 on CentOS7. I’m receiving the following messages when attempting to authenticate the client with EAP/TLS. PEAP/MSCHPv2 works perfect.
I have tried to recreate the ROOT CA and Client cert but that produces the same error message. I’m not sure where to go from here.
Looks like you've not set ca_file? Or it doesn't contain all the intermediaries (you need to concat them into the same file). -Arran
There are no intermediate its a single Root CA and it is set My EAP file TLS Section I’ve commented out all but 2048ca.pem my client.pem is signed by but no difference. ca_file = ${cadir}/ca.pem # Customer CA Files: ca_file = ${cadir}/00374255/root_ca.pem # FNET CA Files: ca_file = ${cadir}/fnetCerts/CA/pem/512ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/768ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/1024ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/1280ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/1536ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/1792ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/2048ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/4096ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/2048ca.pem
On Jul 1, 2015, at 3:20 PM, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On Jul 1, 2015, at 4:58 PM, Kris Armstrong <kris.armstrong@me.com> wrote:
Hi,
I have migrated my root CA and free radius configs from FreeRadius 2.x to 3.0.4 on CentOS7. I’m receiving the following messages when attempting to authenticate the client with EAP/TLS. PEAP/MSCHPv2 works perfect.
I have tried to recreate the ROOT CA and Client cert but that produces the same error message. I’m not sure where to go from here.
Looks like you've not set ca_file? Or it doesn't contain all the intermediaries (you need to concat them into the same file).
-Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 1 Jul 2015, at 17:46, Kris Armstrong <kris.armstrong@me.com> wrote:
There are no intermediate its a single Root CA and it is set
My EAP file TLS Section
I’ve commented out all but 2048ca.pem my client.pem is signed by but no difference.
ca_file = ${cadir}/ca.pem
# Customer CA Files: ca_file = ${cadir}/00374255/root_ca.pem
# FNET CA Files: ca_file = ${cadir}/fnetCerts/CA/pem/512ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/768ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/1024ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/1280ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/1536ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/1792ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/2048ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/4096ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/2048ca.pem
Um, no, that's not how you configure them. You need to concatenate them all the CAs into the same file, as I said before. Or use the ca_path config item and specify a directory that holds the Ca files. You for 3.0.8 need to install the openssl-devel rpm to build from source. Could you provide your config.log so we can try and fix it to produce a more user friendly error. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
This is the only CA that is required for the client cert ca_file = ${cadir}/fnetCerts/CA/pem/2048ca.pem I have commented out the others as they are have no ties to my client ca
On Jul 1, 2015, at 4:05 PM, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On 1 Jul 2015, at 17:46, Kris Armstrong <kris.armstrong@me.com> wrote:
There are no intermediate its a single Root CA and it is set
My EAP file TLS Section
I’ve commented out all but 2048ca.pem my client.pem is signed by but no difference.
ca_file = ${cadir}/ca.pem
# Customer CA Files: ca_file = ${cadir}/00374255/root_ca.pem
# FNET CA Files: ca_file = ${cadir}/fnetCerts/CA/pem/512ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/768ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/1024ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/1280ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/1536ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/1792ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/2048ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/4096ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/2048ca.pem
Um, no, that's not how you configure them.
You need to concatenate them all the CAs into the same file, as I said before. Or use the ca_path config item and specify a directory that holds the Ca files.
You for 3.0.8 need to install the openssl-devel rpm to build from source.
Could you provide your config.log so we can try and fix it to produce a more user friendly error.
-Arran
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I was able to upgrade to V3.0.8 however it won’t start Debugger not attached Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 0x1000105f (1.0.1e release) (in range 1.0.1 dev - 1.0.1f release) Security advisory CVE-2014-0160 (Heartbleed) For more information see http://heartbleed.com Once you have verified libssl has been correctly patched, set security.allow_vulnerable_openssl = 'CVE-2014-0160' [root@freeradius freeradius-server-3.0.8]# yum upgrade Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: repos.dfw.quadranet.com * extras: dallas.tx.mirror.xygenhosting.com * updates: centos.host-engine.com No packages marked for update [root@freeradius freeradius-server-3.0.8]# openssl version OpenSSL 1.0.2c 12 Jun 2015 [root@freeradius freeradius-server-3.0.8]#
On Jul 1, 2015, at 4:19 PM, Kris Armstrong <kris.armstrong@me.com> wrote:
This is the only CA that is required for the client cert
ca_file = ${cadir}/fnetCerts/CA/pem/2048ca.pem I have commented out the others as they are have no ties to my client ca
On Jul 1, 2015, at 4:05 PM, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On 1 Jul 2015, at 17:46, Kris Armstrong <kris.armstrong@me.com> wrote:
There are no intermediate its a single Root CA and it is set
My EAP file TLS Section
I’ve commented out all but 2048ca.pem my client.pem is signed by but no difference.
ca_file = ${cadir}/ca.pem
# Customer CA Files: ca_file = ${cadir}/00374255/root_ca.pem
# FNET CA Files: ca_file = ${cadir}/fnetCerts/CA/pem/512ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/768ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/1024ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/1280ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/1536ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/1792ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/2048ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/4096ca.pem ca_file = ${cadir}/fnetCerts/CA/pem/2048ca.pem
Um, no, that's not how you configure them.
You need to concatenate them all the CAs into the same file, as I said before. Or use the ca_path config item and specify a directory that holds the Ca files.
You for 3.0.8 need to install the openssl-devel rpm to build from source.
Could you provide your config.log so we can try and fix it to produce a more user friendly error.
-Arran
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 1 Jul 2015, at 18:53, Kris Armstrong <kris.armstrong@me.com> wrote:
I was able to upgrade to V3.0.8 however it won’t start
Debugger not attached Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 0x1000105f (1.0.1e release) (in range 1.0.1 dev - 1.0.1f release) Security advisory CVE-2014-0160 (Heartbleed) For more information see http://heartbleed.com Once you have verified libssl has been correctly patched, set security.allow_vulnerable_openssl = 'CVE-2014-0160' [root@freeradius freeradius-server-3.0.8]# yum upgrade Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: repos.dfw.quadranet.com * extras: dallas.tx.mirror.xygenhosting.com * updates: centos.host-engine.com No packages marked for update
[root@freeradius freeradius-server-3.0.8]# openssl version OpenSSL 1.0.2c 12 Jun 2015 [root@freeradius freeradius-server-3.0.8]#
Think about it. What could be the issue here? Check the library linkages maybe? -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
agreed. Its definitely the library. its linking to the old and not the new. Guess my real question is how to change it.
On Jul 1, 2015, at 5:18 PM, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On 1 Jul 2015, at 18:53, Kris Armstrong <kris.armstrong@me.com> wrote:
I was able to upgrade to V3.0.8 however it won’t start
Debugger not attached Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 0x1000105f (1.0.1e release) (in range 1.0.1 dev - 1.0.1f release) Security advisory CVE-2014-0160 (Heartbleed) For more information see http://heartbleed.com Once you have verified libssl has been correctly patched, set security.allow_vulnerable_openssl = 'CVE-2014-0160' [root@freeradius freeradius-server-3.0.8]# yum upgrade Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: repos.dfw.quadranet.com * extras: dallas.tx.mirror.xygenhosting.com * updates: centos.host-engine.com No packages marked for update
[root@freeradius freeradius-server-3.0.8]# openssl version OpenSSL 1.0.2c 12 Jun 2015 [root@freeradius freeradius-server-3.0.8]#
Think about it. What could be the issue here? Check the library linkages maybe?
-Arran
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 1 Jul 2015, at 19:33, Kris Armstrong <kris.armstrong@me.com> wrote:
agreed. Its definitely the library. its linking to the old and not the new. Guess my real question is how to change it.
./configure -h (to get configure options) Pass in the paths to the OpenSSL libraries and headers you want to use. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
I’m not sure why its checking for openssl .0.9.7 Command Used /configure --with-openssl-lib-dir=/usr/src/openssl-1.0.2c/ --with-openssl-include-dir=/usr/src/openssl-1.0.2c/ The openssl-1.0.2c is where my source is for openssl V1.0.2c I assume thats correct in anywise it appears as though the headers do not line up with the libraries if i’m reading this right? config.log is attached. checking for OpenSSL version >= 0.9.7... yes checking OpenSSL library and header version consistency... library: 1000203f header: 1000105f... no configure: error: in `/usr/src/freeradius-server-3.0.8': configure: error: OpenSSL library version does not match header version See `config.log' for more details [root@freeradius freeradius-server-3.0.8]#
On Jul 1, 2015, at 5:45 PM, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On 1 Jul 2015, at 19:33, Kris Armstrong <kris.armstrong@me.com> wrote:
agreed. Its definitely the library. its linking to the old and not the new. Guess my real question is how to change it.
./configure -h (to get configure options)
Pass in the paths to the OpenSSL libraries and headers you want to use.
-Arran
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 1 Jul 2015, at 20:15, Kris Armstrong <kris.armstrong@me.com> wrote:
I’m not sure why its checking for openssl .0.9.7
Command Used /configure --with-openssl-lib-dir=/usr/src/openssl-1.0.2c/ --with-openssl-include-dir=/usr/src/openssl-1.0.2c/
Those would usually have lib/ and include/ on the end. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
Looks like the 1.0.2c did not install the lib files? root@freeradius /]# find -iname "openssl" ./etc/pki/ca-trust/extracted/openssl ./root/openssl ./usr/bin/openssl ./usr/lib64/openssl ./usr/local/ssl/bin/openssl ./usr/local/ssl/include/openssl ./usr/src/openssl-1.0.2c/apps/openssl ./usr/src/openssl-1.0.2c/include/openssl
On Jul 1, 2015, at 6:29 PM, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On 1 Jul 2015, at 20:15, Kris Armstrong <kris.armstrong@me.com> wrote:
I’m not sure why its checking for openssl .0.9.7
Command Used /configure --with-openssl-lib-dir=/usr/src/openssl-1.0.2c/ --with-openssl-include-dir=/usr/src/openssl-1.0.2c/
Those would usually have lib/ and include/ on the end.
-Arran
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I think i’m still missing some OpenSSL Library? Hmmm ok now getting the following: ./configure --with-openssl-lib-dir=/usr/local/ssl/lib/ --with-openssl-include-dir=/usr/local/ssl/include/openssl/ [root@freeradius freeradius-server-3.0.8]# ls /usr/local/ssl/lib/ engines libcrypto.a libssl.a pkgconfig [root@freeradius freeradius-server-3.0.8]# ls /usr/local/ssl/include/openssl/ aes.h blowfish.h cmac.h crypto.h dso.h ec.h hmac.h md4.h obj_mac.h pem2.h rand.h safestack.h ssl23.h symhacks.h ui.h asn1.h bn.h cms.h des.h dtls1.h engine.h idea.h md5.h ocsp.h pem.h rc2.h seed.h ssl2.h tls1.h whrlpool.h asn1_mac.h buffer.h comp.h des_old.h ebcdic.h e_os2.h krb5_asn.h mdc2.h opensslconf.h pkcs12.h rc4.h sha.h ssl3.h ts.h x509.h asn1t.h camellia.h conf_api.h dh.h ecdh.h err.h kssl.h modes.h opensslv.h pkcs7.h ripemd.h srp.h ssl.h txt_db.h x509v3.h bio.h cast.h conf.h dsa.h ecdsa.h evp.h lhash.h objects.h ossl_typ.h pqueue.h rsa.h srtp.h stack.h ui_compat.h x509_vfy.h [root@freeradius freeradius-server-3.0.8]# CC src/modules/rlm_eap/libeap/eap_tls.c In file included from src/modules/rlm_eap/libeap/eap_tls.c:46:0: src/modules/rlm_eap/libeap/eap_tls.h:58:1: error: unknown type name ‘fr_tls_status_t’ fr_tls_status_t eaptls_process(eap_handler_t *handler); ^ src/modules/rlm_eap/libeap/eap_tls.h:62:36: error: unknown type name ‘tls_session_t’ int eaptls_request(EAP_DS *eap_ds, tls_session_t *ssn) CC_HINT(nonnull); ^ src/modules/rlm_eap/libeap/eap_tls.h:66:45: error: unknown type name ‘SSL’ void eaptls_gen_mppe_keys(REQUEST *request, SSL *s, char const *prf_label); ^ src/modules/rlm_eap/libeap/eap_tls.h:67:28: error: unknown type name ‘SSL’ void eapttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size); ^ src/modules/rlm_eap/libeap/eap_tls.h:68:48: error: unknown type name ‘SSL’ void eaptls_gen_eap_key(RADIUS_PACKET *packet, SSL *s, uint32_t header); ^ src/modules/rlm_eap/libeap/eap_tls.h:102:1: error: unknown type name ‘tls_session_t’ tls_session_t *eaptls_session(eap_handler_t *handler, fr_tls_server_conf_t *tls_conf, bool client_cert); ^ src/modules/rlm_eap/libeap/eap_tls.h:102:55: error: unknown type name ‘fr_tls_server_conf_t’ tls_session_t *eaptls_session(eap_handler_t *handler, fr_tls_server_conf_t *tls_conf, bool client_cert); ^ src/modules/rlm_eap/libeap/eap_tls.h:106:1: error: unknown type name ‘fr_tls_server_conf_t’ fr_tls_server_conf_t *eaptls_conf_parse(CONF_SECTION *cs, char const *key); ^ src/modules/rlm_eap/libeap/eap_tls.c:64:1: error: unknown type name ‘tls_session_t’ tls_session_t *eaptls_session(eap_handler_t *handler, fr_tls_server_conf_t *tls_conf, bool client_cert) ^ src/modules/rlm_eap/libeap/eap_tls.c:64:55: error: unknown type name ‘fr_tls_server_conf_t’ tls_session_t *eaptls_session(eap_handler_t *handler, fr_tls_server_conf_t *tls_conf, bool client_cert) ^ src/modules/rlm_eap/libeap/eap_tls.c: In function ‘eaptls_start’: src/modules/rlm_eap/libeap/eap_tls.c:125:15: error: ‘FR_TLS_START’ undeclared (first use in this function) reply.code = FR_TLS_START; ^ src/modules/rlm_eap/libeap/eap_tls.c:125:15: note: each undeclared identifier is reported only once for each function it appears in src/modules/rlm_eap/libeap/eap_tls.c:129:2: warning: implicit declaration of function ‘SET_START’ [-Wimplicit-function-declaration] reply.flags = SET_START(reply.flags); ^ src/modules/rlm_eap/libeap/eap_tls.c: In function ‘eaptls_success’: src/modules/rlm_eap/libeap/eap_tls.c:143:2: error: unknown type name ‘tls_session_t’ tls_session_t *tls_session = handler->opaque; ^ src/modules/rlm_eap/libeap/eap_tls.c:146:15: error: ‘FR_TLS_SUCCESS’ undeclared (first use in this function) reply.code = FR_TLS_SUCCESS; ^ src/modules/rlm_eap/libeap/eap_tls.c:152:2: warning: implicit declaration of function ‘tls_success’ [-Wimplicit-function-declaration] tls_success(tls_session, request); ^ src/modules/rlm_eap/libeap/eap_tls.c:162:17: error: request for member ‘prf_label’ in something not a structure or union if (tls_session->prf_label) { ^ src/modules/rlm_eap/libeap/eap_tls.c:163:3: warning: implicit declaration of function ‘eaptls_gen_mppe_keys’ [-Wimplicit-function-declaration] eaptls_gen_mppe_keys(handler->request, ^ src/modules/rlm_eap/libeap/eap_tls.c:164:21: error: request for member ‘ssl’ in something not a structure or union tls_session->ssl, tls_session->prf_label); ^ src/modules/rlm_eap/libeap/eap_tls.c:164:39: error: request for member ‘prf_label’ in something not a structure or union tls_session->ssl, tls_session->prf_label); ^ src/modules/rlm_eap/libeap/eap_tls.c:169:2: warning: implicit declaration of function ‘eaptls_gen_eap_key’ [-Wimplicit-function-declaration] eaptls_gen_eap_key(handler->request->reply, tls_session->ssl, ^ src/modules/rlm_eap/libeap/eap_tls.c:169:57: error: request for member ‘ssl’ in something not a structure or union eaptls_gen_eap_key(handler->request->reply, tls_session->ssl, ^ src/modules/rlm_eap/libeap/eap_tls.c: In function ‘eaptls_fail’: src/modules/rlm_eap/libeap/eap_tls.c:177:2: error: unknown type name ‘tls_session_t’ tls_session_t *tls_session = handler->opaque; ^ src/modules/rlm_eap/libeap/eap_tls.c:180:15: error: ‘FR_TLS_FAIL’ undeclared (first use in this function) reply.code = FR_TLS_FAIL; ^ src/modules/rlm_eap/libeap/eap_tls.c:186:2: warning: implicit declaration of function ‘tls_fail’ [-Wimplicit-function-declaration] tls_fail(tls_session); ^ src/modules/rlm_eap/libeap/eap_tls.c: At top level: src/modules/rlm_eap/libeap/eap_tls.c:205:36: error: unknown type name ‘tls_session_t’ int eaptls_request(EAP_DS *eap_ds, tls_session_t *ssn) ^ src/modules/rlm_eap/libeap/eap_tls.c: In function ‘eaptls_send_ack’: src/modules/rlm_eap/libeap/eap_tls.c:292:15: error: ‘FR_TLS_ACK’ undeclared (first use in this function) reply.code = FR_TLS_ACK; ^ src/modules/rlm_eap/libeap/eap_tls.c: At top level: src/modules/rlm_eap/libeap/eap_tls.c:312:1: error: unknown type name ‘fr_tls_status_t’ static fr_tls_status_t eaptls_verify(eap_handler_t *handler) ^ src/modules/rlm_eap/libeap/eap_tls.c: In function ‘eaptls_verify’: src/modules/rlm_eap/libeap/eap_tls.c:355:4: warning: implicit declaration of function ‘tls_ack_handler’ [-Wimplicit-function-declaration] return tls_ack_handler(handler->opaque, request); ^ src/modules/rlm_eap/libeap/eap_tls.c:358:11: error: ‘FR_TLS_INVALID’ undeclared (first use in this function) return FR_TLS_INVALID; ^ src/modules/rlm_eap/libeap/eap_tls.c:365:2: warning: implicit declaration of function ‘TLS_START’ [-Wimplicit-function-declaration] if (TLS_START(eaptls_packet->flags)) { ^ src/modules/rlm_eap/libeap/eap_tls.c:383:2: warning: implicit declaration of function ‘TLS_LENGTH_INCLUDED’ [-Wimplicit-function-declaration] if (TLS_LENGTH_INCLUDED(eaptls_packet->flags)) { ^ src/modules/rlm_eap/libeap/eap_tls.c:386:3: warning: implicit declaration of function ‘TLS_MORE_FRAGMENTS’ [-Wimplicit-function-declaration] if (TLS_MORE_FRAGMENTS(eaptls_packet->flags)) { ^ src/modules/rlm_eap/libeap/eap_tls.c:399:12: error: ‘FR_TLS_FIRST_FRAGMENT’ undeclared (first use in this function) return FR_TLS_FIRST_FRAGMENT; ^ src/modules/rlm_eap/libeap/eap_tls.c:403:12: error: ‘FR_TLS_MORE_FRAGMENTS_WITH_LENGTH’ undeclared (first use in this function) return FR_TLS_MORE_FRAGMENTS_WITH_LENGTH; ^ src/modules/rlm_eap/libeap/eap_tls.c:407:11: error: ‘FR_TLS_LENGTH_INCLUDED’ undeclared (first use in this function) return FR_TLS_LENGTH_INCLUDED; ^ src/modules/rlm_eap/libeap/eap_tls.c:413:10: error: ‘FR_TLS_MORE_FRAGMENTS’ undeclared (first use in this function) return FR_TLS_MORE_FRAGMENTS; ^ src/modules/rlm_eap/libeap/eap_tls.c:420:9: error: ‘FR_TLS_OK’ undeclared (first use in this function) return FR_TLS_OK; ^ src/modules/rlm_eap/libeap/eap_tls.c: At top level: src/modules/rlm_eap/libeap/eap_tls.c:457:72: error: unknown type name ‘fr_tls_status_t’ static EAPTLS_PACKET *eaptls_extract(REQUEST *request, EAP_DS *eap_ds, fr_tls_status_t status) ^ src/modules/rlm_eap/libeap/eap_tls.c:628:1: error: unknown type name ‘fr_tls_status_t’ static fr_tls_status_t eaptls_operation(fr_tls_status_t status, ^ src/modules/rlm_eap/libeap/eap_tls.c:628:41: error: unknown type name ‘fr_tls_status_t’ static fr_tls_status_t eaptls_operation(fr_tls_status_t status, ^ src/modules/rlm_eap/libeap/eap_tls.c:724:1: error: unknown type name ‘fr_tls_status_t’ fr_tls_status_t eaptls_process(eap_handler_t *handler) ^ src/modules/rlm_eap/libeap/eap_tls.c: In function ‘eaptls_process’: src/modules/rlm_eap/libeap/eap_tls.c:726:2: error: unknown type name ‘tls_session_t’ tls_session_t *tls_session = (tls_session_t *) handler->opaque; ^ src/modules/rlm_eap/libeap/eap_tls.c:726:32: error: ‘tls_session_t’ undeclared (first use in this function) tls_session_t *tls_session = (tls_session_t *) handler->opaque; ^ src/modules/rlm_eap/libeap/eap_tls.c:726:47: error: expected expression before ‘)’ token tls_session_t *tls_session = (tls_session_t *) handler->opaque; ^ src/modules/rlm_eap/libeap/eap_tls.c:728:2: error: unknown type name ‘fr_tls_status_t’ fr_tls_status_t status; ^ src/modules/rlm_eap/libeap/eap_tls.c:731:23: error: ‘FR_TLS_FAIL’ undeclared (first use in this function) if (!request) return FR_TLS_FAIL; ^ src/modules/rlm_eap/libeap/eap_tls.c:734:2: warning: implicit declaration of function ‘SSL_set_ex_data’ [-Wimplicit-function-declaration] SSL_set_ex_data(tls_session->ssl, FR_TLS_EX_INDEX_REQUEST, request); ^ src/modules/rlm_eap/libeap/eap_tls.c:734:29: error: request for member ‘ssl’ in something not a structure or union SSL_set_ex_data(tls_session->ssl, FR_TLS_EX_INDEX_REQUEST, request); ^ src/modules/rlm_eap/libeap/eap_tls.c:734:36: error: ‘FR_TLS_EX_INDEX_REQUEST’ undeclared (first use in this function) SSL_set_ex_data(tls_session->ssl, FR_TLS_EX_INDEX_REQUEST, request); ^ src/modules/rlm_eap/libeap/eap_tls.c:747:7: error: ‘FR_TLS_INVALID’ undeclared (first use in this function) case FR_TLS_INVALID: ^ src/modules/rlm_eap/libeap/eap_tls.c:756:7: error: ‘FR_TLS_SUCCESS’ undeclared (first use in this function) case FR_TLS_SUCCESS: ^ src/modules/rlm_eap/libeap/eap_tls.c:763:7: error: ‘FR_TLS_REQUEST’ undeclared (first use in this function) case FR_TLS_REQUEST: ^ src/modules/rlm_eap/libeap/eap_tls.c:764:3: warning: implicit declaration of function ‘eaptls_request’ [-Wimplicit-function-declaration] eaptls_request(handler->eap_ds, tls_session); ^ src/modules/rlm_eap/libeap/eap_tls.c:765:12: error: ‘FR_TLS_HANDLED’ undeclared (first use in this function) status = FR_TLS_HANDLED; ^ src/modules/rlm_eap/libeap/eap_tls.c:772:7: error: ‘FR_TLS_OK’ undeclared (first use in this function) case FR_TLS_OK: ^ src/modules/rlm_eap/libeap/eap_tls.c:778:7: error: ‘FR_TLS_FIRST_FRAGMENT’ undeclared (first use in this function) case FR_TLS_FIRST_FRAGMENT: ^ src/modules/rlm_eap/libeap/eap_tls.c:779:7: error: ‘FR_TLS_MORE_FRAGMENTS’ undeclared (first use in this function) case FR_TLS_MORE_FRAGMENTS: ^ src/modules/rlm_eap/libeap/eap_tls.c:780:7: error: ‘FR_TLS_LENGTH_INCLUDED’ undeclared (first use in this function) case FR_TLS_LENGTH_INCLUDED: ^ src/modules/rlm_eap/libeap/eap_tls.c:781:7: error: ‘FR_TLS_MORE_FRAGMENTS_WITH_LENGTH’ undeclared (first use in this function) case FR_TLS_MORE_FRAGMENTS_WITH_LENGTH: ^ src/modules/rlm_eap/libeap/eap_tls.c:788:2: warning: implicit declaration of function ‘eaptls_extract’ [-Wimplicit-function-declaration] if ((tlspacket = eaptls_extract(request, handler->eap_ds, status)) == NULL) { ^ src/modules/rlm_eap/libeap/eap_tls.c:788:17: warning: assignment makes pointer from integer without a cast [enabled by default] if ((tlspacket = eaptls_extract(request, handler->eap_ds, status)) == NULL) { ^ src/modules/rlm_eap/libeap/eap_tls.c:804:18: error: request for member ‘record_plus’ in something not a structure or union (tls_session->record_plus)(&tls_session->dirty_in, tlspacket->data, tlspacket->dlen)) { ^ src/modules/rlm_eap/libeap/eap_tls.c:804:45: error: request for member ‘dirty_in’ in something not a structure or union (tls_session->record_plus)(&tls_session->dirty_in, tlspacket->data, tlspacket->dlen)) { ^ src/modules/rlm_eap/libeap/eap_tls.c:821:2: warning: implicit declaration of function ‘SSL_is_init_finished’ [-Wimplicit-function-declaration] if (SSL_is_init_finished(tls_session->ssl)) { ^ src/modules/rlm_eap/libeap/eap_tls.c:821:38: error: request for member ‘ssl’ in something not a structure or union if (SSL_is_init_finished(tls_session->ssl)) { ^ src/modules/rlm_eap/libeap/eap_tls.c:835:17: error: request for member ‘peap_flag’ in something not a structure or union tls_session->peap_flag); ^ src/modules/rlm_eap/libeap/eap_tls.c:841:3: warning: implicit declaration of function ‘tls_application_data’ [-Wimplicit-function-declaration] status = tls_application_data(tls_session, request); ^ src/modules/rlm_eap/libeap/eap_tls.c:848:2: warning: implicit declaration of function ‘eaptls_operation’ [-Wimplicit-function-declaration] status = eaptls_operation(status, handler); ^ src/modules/rlm_eap/libeap/eap_tls.c:851:29: error: request for member ‘ssl’ in something not a structure or union SSL_set_ex_data(tls_session->ssl, FR_TLS_EX_INDEX_REQUEST, NULL); ^ src/modules/rlm_eap/libeap/eap_tls.c: In function ‘eaptls_compose’: src/modules/rlm_eap/libeap/eap_tls.c:899:7: error: ‘FR_TLS_ACK’ undeclared (first use in this function) case FR_TLS_ACK: ^ src/modules/rlm_eap/libeap/eap_tls.c:900:7: error: ‘FR_TLS_START’ undeclared (first use in this function) case FR_TLS_START: ^ src/modules/rlm_eap/libeap/eap_tls.c:901:7: error: ‘FR_TLS_REQUEST’ undeclared (first use in this function) case FR_TLS_REQUEST: ^ src/modules/rlm_eap/libeap/eap_tls.c:904:7: error: ‘FR_TLS_SUCCESS’ undeclared (first use in this function) case FR_TLS_SUCCESS: ^ src/modules/rlm_eap/libeap/eap_tls.c:907:7: error: ‘FR_TLS_FAIL’ undeclared (first use in this function) case FR_TLS_FAIL: ^ src/modules/rlm_eap/libeap/eap_tls.c: At top level: src/modules/rlm_eap/libeap/eap_tls.c:927:1: error: unknown type name ‘fr_tls_server_conf_t’ fr_tls_server_conf_t *eaptls_conf_parse(CONF_SECTION *cs, char const *attr) ^ src/modules/rlm_eap/libeap/eap_tls.c: In function ‘eaptls_conf_parse’: src/modules/rlm_eap/libeap/eap_tls.c:933:2: error: unknown type name ‘fr_tls_server_conf_t’ fr_tls_server_conf_t *tls_conf; ^ src/modules/rlm_eap/libeap/eap_tls.c:968:2: warning: implicit declaration of function ‘tls_server_conf_parse’ [-Wimplicit-function-declaration] tls_conf = tls_server_conf_parse(tls_cs); ^ src/modules/rlm_eap/libeap/eap_tls.c:968:11: warning: assignment makes pointer from integer without a cast [enabled by default] tls_conf = tls_server_conf_parse(tls_cs); ^ src/modules/rlm_eap/libeap/eap_tls.c:976:14: error: request for member ‘fragment_size’ in something not a structure or union if (tls_conf->fragment_size < 100) { ^ src/modules/rlm_eap/libeap/eap_tls.c:987:14: error: request for member ‘fragment_size’ in something not a structure or union if (tls_conf->fragment_size > 4000) { ^ src/modules/rlm_eap/libeap/eap_tls.c:997:10: error: request for member ‘fragment_size’ in something not a structure or union tls_conf->fragment_size -= 10; ^ src/modules/rlm_eap/libeap/eap_tls.c: In function ‘eaptls_verify’: src/modules/rlm_eap/libeap/eap_tls.c:421:1: warning: control reaches end of non-void function [-Wreturn-type] } ^ make: *** [build/objs/src/modules/rlm_eap/libeap/eap_tls.lo] Error 1 [root@freeradius freeradius-server-3.0.8]# ./configure --with-openssl-lib-dir=/usr/local/ssl/lib/ --with-openssl-include-dir=/usr/local/ssl/include/openssl/
On Jul 1, 2015, at 6:44 PM, Kris Armstrong <kris.armstrong@me.com> wrote:
Looks like the 1.0.2c did not install the lib files?
root@freeradius /]# find -iname "openssl" ./etc/pki/ca-trust/extracted/openssl ./root/openssl ./usr/bin/openssl ./usr/lib64/openssl ./usr/local/ssl/bin/openssl ./usr/local/ssl/include/openssl ./usr/src/openssl-1.0.2c/apps/openssl ./usr/src/openssl-1.0.2c/include/openssl
On Jul 1, 2015, at 6:29 PM, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On 1 Jul 2015, at 20:15, Kris Armstrong <kris.armstrong@me.com> wrote:
I’m not sure why its checking for openssl .0.9.7
Command Used /configure --with-openssl-lib-dir=/usr/src/openssl-1.0.2c/ --with-openssl-include-dir=/usr/src/openssl-1.0.2c/
Those would usually have lib/ and include/ on the end.
-Arran
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Just a "test" if your host is "amd64" install the "alien" using yum and get all *.deb from http://wifilabs.mobicare.com.br/repo/freeradius-nightly/debian/dists/v3.0.x/... then try: # for i in *.deb; do alien -r $i; done # rpm -Uvh *.deb I don't know if works, but just try. remember that this repository is a "testing" from the HEAD of github. p.s: In the future, I will provide a nightly-build for RPM packages. -- Jorge Pereira On Wed, Jul 1, 2015 at 11:58 PM, Kris Armstrong <kris.armstrong@me.com> wrote:
I think i’m still missing some OpenSSL Library?
Hmmm ok now getting the following:
./configure --with-openssl-lib-dir=/usr/local/ssl/lib/ --with-openssl-include-dir=/usr/local/ssl/include/openssl/
[root@freeradius freeradius-server-3.0.8]# ls /usr/local/ssl/lib/ engines libcrypto.a libssl.a pkgconfig [root@freeradius freeradius-server-3.0.8]# ls /usr/local/ssl/include/openssl/ aes.h blowfish.h cmac.h crypto.h dso.h ec.h hmac.h md4.h obj_mac.h pem2.h rand.h safestack.h ssl23.h symhacks.h ui.h asn1.h bn.h cms.h des.h dtls1.h engine.h idea.h md5.h ocsp.h pem.h rc2.h seed.h ssl2.h tls1.h whrlpool.h asn1_mac.h buffer.h comp.h des_old.h ebcdic.h e_os2.h krb5_asn.h mdc2.h opensslconf.h pkcs12.h rc4.h sha.h ssl3.h ts.h x509.h asn1t.h camellia.h conf_api.h dh.h ecdh.h err.h kssl.h modes.h opensslv.h pkcs7.h ripemd.h srp.h ssl.h txt_db.h x509v3.h bio.h cast.h conf.h dsa.h ecdsa.h evp.h lhash.h objects.h ossl_typ.h pqueue.h rsa.h srtp.h stack.h ui_compat.h x509_vfy.h [root@freeradius freeradius-server-3.0.8]#
CC src/modules/rlm_eap/libeap/eap_tls.c In file included from src/modules/rlm_eap/libeap/eap_tls.c:46:0: src/modules/rlm_eap/libeap/eap_tls.h:58:1: error: unknown type name ‘fr_tls_status_t’ fr_tls_status_t eaptls_process(eap_handler_t *handler); ^ src/modules/rlm_eap/libeap/eap_tls.h:62:36: error: unknown type name ‘tls_session_t’ int eaptls_request(EAP_DS *eap_ds, tls_session_t *ssn) CC_HINT(nonnull); ^ src/modules/rlm_eap/libeap/eap_tls.h:66:45: error: unknown type name ‘SSL’ void eaptls_gen_mppe_keys(REQUEST *request, SSL *s, char const *prf_label); ^ src/modules/rlm_eap/libeap/eap_tls.h:67:28: error: unknown type name ‘SSL’ void eapttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size); ^ src/modules/rlm_eap/libeap/eap_tls.h:68:48: error: unknown type name ‘SSL’ void eaptls_gen_eap_key(RADIUS_PACKET *packet, SSL *s, uint32_t header); ^ src/modules/rlm_eap/libeap/eap_tls.h:102:1: error: unknown type name ‘tls_session_t’ tls_session_t *eaptls_session(eap_handler_t *handler, fr_tls_server_conf_t *tls_conf, bool client_cert); ^ src/modules/rlm_eap/libeap/eap_tls.h:102:55: error: unknown type name ‘fr_tls_server_conf_t’ tls_session_t *eaptls_session(eap_handler_t *handler, fr_tls_server_conf_t *tls_conf, bool client_cert); ^ src/modules/rlm_eap/libeap/eap_tls.h:106:1: error: unknown type name ‘fr_tls_server_conf_t’ fr_tls_server_conf_t *eaptls_conf_parse(CONF_SECTION *cs, char const *key); ^ src/modules/rlm_eap/libeap/eap_tls.c:64:1: error: unknown type name ‘tls_session_t’ tls_session_t *eaptls_session(eap_handler_t *handler, fr_tls_server_conf_t *tls_conf, bool client_cert) ^ src/modules/rlm_eap/libeap/eap_tls.c:64:55: error: unknown type name ‘fr_tls_server_conf_t’ tls_session_t *eaptls_session(eap_handler_t *handler, fr_tls_server_conf_t *tls_conf, bool client_cert) ^ src/modules/rlm_eap/libeap/eap_tls.c: In function ‘eaptls_start’: src/modules/rlm_eap/libeap/eap_tls.c:125:15: error: ‘FR_TLS_START’ undeclared (first use in this function) reply.code = FR_TLS_START; ^ src/modules/rlm_eap/libeap/eap_tls.c:125:15: note: each undeclared identifier is reported only once for each function it appears in src/modules/rlm_eap/libeap/eap_tls.c:129:2: warning: implicit declaration of function ‘SET_START’ [-Wimplicit-function-declaration] reply.flags = SET_START(reply.flags); ^ src/modules/rlm_eap/libeap/eap_tls.c: In function ‘eaptls_success’: src/modules/rlm_eap/libeap/eap_tls.c:143:2: error: unknown type name ‘tls_session_t’ tls_session_t *tls_session = handler->opaque; ^ src/modules/rlm_eap/libeap/eap_tls.c:146:15: error: ‘FR_TLS_SUCCESS’ undeclared (first use in this function) reply.code = FR_TLS_SUCCESS; ^ src/modules/rlm_eap/libeap/eap_tls.c:152:2: warning: implicit declaration of function ‘tls_success’ [-Wimplicit-function-declaration] tls_success(tls_session, request); ^ src/modules/rlm_eap/libeap/eap_tls.c:162:17: error: request for member ‘prf_label’ in something not a structure or union if (tls_session->prf_label) { ^ src/modules/rlm_eap/libeap/eap_tls.c:163:3: warning: implicit declaration of function ‘eaptls_gen_mppe_keys’ [-Wimplicit-function-declaration] eaptls_gen_mppe_keys(handler->request, ^ src/modules/rlm_eap/libeap/eap_tls.c:164:21: error: request for member ‘ssl’ in something not a structure or union tls_session->ssl, tls_session->prf_label); ^ src/modules/rlm_eap/libeap/eap_tls.c:164:39: error: request for member ‘prf_label’ in something not a structure or union tls_session->ssl, tls_session->prf_label); ^ src/modules/rlm_eap/libeap/eap_tls.c:169:2: warning: implicit declaration of function ‘eaptls_gen_eap_key’ [-Wimplicit-function-declaration] eaptls_gen_eap_key(handler->request->reply, tls_session->ssl, ^ src/modules/rlm_eap/libeap/eap_tls.c:169:57: error: request for member ‘ssl’ in something not a structure or union eaptls_gen_eap_key(handler->request->reply, tls_session->ssl, ^ src/modules/rlm_eap/libeap/eap_tls.c: In function ‘eaptls_fail’: src/modules/rlm_eap/libeap/eap_tls.c:177:2: error: unknown type name ‘tls_session_t’ tls_session_t *tls_session = handler->opaque; ^ src/modules/rlm_eap/libeap/eap_tls.c:180:15: error: ‘FR_TLS_FAIL’ undeclared (first use in this function) reply.code = FR_TLS_FAIL; ^ src/modules/rlm_eap/libeap/eap_tls.c:186:2: warning: implicit declaration of function ‘tls_fail’ [-Wimplicit-function-declaration] tls_fail(tls_session); ^ src/modules/rlm_eap/libeap/eap_tls.c: At top level: src/modules/rlm_eap/libeap/eap_tls.c:205:36: error: unknown type name ‘tls_session_t’ int eaptls_request(EAP_DS *eap_ds, tls_session_t *ssn) ^ src/modules/rlm_eap/libeap/eap_tls.c: In function ‘eaptls_send_ack’: src/modules/rlm_eap/libeap/eap_tls.c:292:15: error: ‘FR_TLS_ACK’ undeclared (first use in this function) reply.code = FR_TLS_ACK; ^ src/modules/rlm_eap/libeap/eap_tls.c: At top level: src/modules/rlm_eap/libeap/eap_tls.c:312:1: error: unknown type name ‘fr_tls_status_t’ static fr_tls_status_t eaptls_verify(eap_handler_t *handler) ^ src/modules/rlm_eap/libeap/eap_tls.c: In function ‘eaptls_verify’: src/modules/rlm_eap/libeap/eap_tls.c:355:4: warning: implicit declaration of function ‘tls_ack_handler’ [-Wimplicit-function-declaration] return tls_ack_handler(handler->opaque, request); ^ src/modules/rlm_eap/libeap/eap_tls.c:358:11: error: ‘FR_TLS_INVALID’ undeclared (first use in this function) return FR_TLS_INVALID; ^ src/modules/rlm_eap/libeap/eap_tls.c:365:2: warning: implicit declaration of function ‘TLS_START’ [-Wimplicit-function-declaration] if (TLS_START(eaptls_packet->flags)) { ^ src/modules/rlm_eap/libeap/eap_tls.c:383:2: warning: implicit declaration of function ‘TLS_LENGTH_INCLUDED’ [-Wimplicit-function-declaration] if (TLS_LENGTH_INCLUDED(eaptls_packet->flags)) { ^ src/modules/rlm_eap/libeap/eap_tls.c:386:3: warning: implicit declaration of function ‘TLS_MORE_FRAGMENTS’ [-Wimplicit-function-declaration] if (TLS_MORE_FRAGMENTS(eaptls_packet->flags)) { ^ src/modules/rlm_eap/libeap/eap_tls.c:399:12: error: ‘FR_TLS_FIRST_FRAGMENT’ undeclared (first use in this function) return FR_TLS_FIRST_FRAGMENT; ^ src/modules/rlm_eap/libeap/eap_tls.c:403:12: error: ‘FR_TLS_MORE_FRAGMENTS_WITH_LENGTH’ undeclared (first use in this function) return FR_TLS_MORE_FRAGMENTS_WITH_LENGTH; ^ src/modules/rlm_eap/libeap/eap_tls.c:407:11: error: ‘FR_TLS_LENGTH_INCLUDED’ undeclared (first use in this function) return FR_TLS_LENGTH_INCLUDED; ^ src/modules/rlm_eap/libeap/eap_tls.c:413:10: error: ‘FR_TLS_MORE_FRAGMENTS’ undeclared (first use in this function) return FR_TLS_MORE_FRAGMENTS; ^ src/modules/rlm_eap/libeap/eap_tls.c:420:9: error: ‘FR_TLS_OK’ undeclared (first use in this function) return FR_TLS_OK; ^ src/modules/rlm_eap/libeap/eap_tls.c: At top level: src/modules/rlm_eap/libeap/eap_tls.c:457:72: error: unknown type name ‘fr_tls_status_t’ static EAPTLS_PACKET *eaptls_extract(REQUEST *request, EAP_DS *eap_ds, fr_tls_status_t status) ^ src/modules/rlm_eap/libeap/eap_tls.c:628:1: error: unknown type name ‘fr_tls_status_t’ static fr_tls_status_t eaptls_operation(fr_tls_status_t status, ^ src/modules/rlm_eap/libeap/eap_tls.c:628:41: error: unknown type name ‘fr_tls_status_t’ static fr_tls_status_t eaptls_operation(fr_tls_status_t status, ^ src/modules/rlm_eap/libeap/eap_tls.c:724:1: error: unknown type name ‘fr_tls_status_t’ fr_tls_status_t eaptls_process(eap_handler_t *handler) ^ src/modules/rlm_eap/libeap/eap_tls.c: In function ‘eaptls_process’: src/modules/rlm_eap/libeap/eap_tls.c:726:2: error: unknown type name ‘tls_session_t’ tls_session_t *tls_session = (tls_session_t *) handler->opaque; ^ src/modules/rlm_eap/libeap/eap_tls.c:726:32: error: ‘tls_session_t’ undeclared (first use in this function) tls_session_t *tls_session = (tls_session_t *) handler->opaque; ^ src/modules/rlm_eap/libeap/eap_tls.c:726:47: error: expected expression before ‘)’ token tls_session_t *tls_session = (tls_session_t *) handler->opaque; ^ src/modules/rlm_eap/libeap/eap_tls.c:728:2: error: unknown type name ‘fr_tls_status_t’ fr_tls_status_t status; ^ src/modules/rlm_eap/libeap/eap_tls.c:731:23: error: ‘FR_TLS_FAIL’ undeclared (first use in this function) if (!request) return FR_TLS_FAIL; ^ src/modules/rlm_eap/libeap/eap_tls.c:734:2: warning: implicit declaration of function ‘SSL_set_ex_data’ [-Wimplicit-function-declaration] SSL_set_ex_data(tls_session->ssl, FR_TLS_EX_INDEX_REQUEST, request); ^ src/modules/rlm_eap/libeap/eap_tls.c:734:29: error: request for member ‘ssl’ in something not a structure or union SSL_set_ex_data(tls_session->ssl, FR_TLS_EX_INDEX_REQUEST, request); ^ src/modules/rlm_eap/libeap/eap_tls.c:734:36: error: ‘FR_TLS_EX_INDEX_REQUEST’ undeclared (first use in this function) SSL_set_ex_data(tls_session->ssl, FR_TLS_EX_INDEX_REQUEST, request); ^ src/modules/rlm_eap/libeap/eap_tls.c:747:7: error: ‘FR_TLS_INVALID’ undeclared (first use in this function) case FR_TLS_INVALID: ^ src/modules/rlm_eap/libeap/eap_tls.c:756:7: error: ‘FR_TLS_SUCCESS’ undeclared (first use in this function) case FR_TLS_SUCCESS: ^ src/modules/rlm_eap/libeap/eap_tls.c:763:7: error: ‘FR_TLS_REQUEST’ undeclared (first use in this function) case FR_TLS_REQUEST: ^ src/modules/rlm_eap/libeap/eap_tls.c:764:3: warning: implicit declaration of function ‘eaptls_request’ [-Wimplicit-function-declaration] eaptls_request(handler->eap_ds, tls_session); ^ src/modules/rlm_eap/libeap/eap_tls.c:765:12: error: ‘FR_TLS_HANDLED’ undeclared (first use in this function) status = FR_TLS_HANDLED; ^ src/modules/rlm_eap/libeap/eap_tls.c:772:7: error: ‘FR_TLS_OK’ undeclared (first use in this function) case FR_TLS_OK: ^ src/modules/rlm_eap/libeap/eap_tls.c:778:7: error: ‘FR_TLS_FIRST_FRAGMENT’ undeclared (first use in this function) case FR_TLS_FIRST_FRAGMENT: ^ src/modules/rlm_eap/libeap/eap_tls.c:779:7: error: ‘FR_TLS_MORE_FRAGMENTS’ undeclared (first use in this function) case FR_TLS_MORE_FRAGMENTS: ^ src/modules/rlm_eap/libeap/eap_tls.c:780:7: error: ‘FR_TLS_LENGTH_INCLUDED’ undeclared (first use in this function) case FR_TLS_LENGTH_INCLUDED: ^ src/modules/rlm_eap/libeap/eap_tls.c:781:7: error: ‘FR_TLS_MORE_FRAGMENTS_WITH_LENGTH’ undeclared (first use in this function) case FR_TLS_MORE_FRAGMENTS_WITH_LENGTH: ^ src/modules/rlm_eap/libeap/eap_tls.c:788:2: warning: implicit declaration of function ‘eaptls_extract’ [-Wimplicit-function-declaration] if ((tlspacket = eaptls_extract(request, handler->eap_ds, status)) == NULL) { ^ src/modules/rlm_eap/libeap/eap_tls.c:788:17: warning: assignment makes pointer from integer without a cast [enabled by default] if ((tlspacket = eaptls_extract(request, handler->eap_ds, status)) == NULL) { ^ src/modules/rlm_eap/libeap/eap_tls.c:804:18: error: request for member ‘record_plus’ in something not a structure or union (tls_session->record_plus)(&tls_session->dirty_in, tlspacket->data, tlspacket->dlen)) { ^ src/modules/rlm_eap/libeap/eap_tls.c:804:45: error: request for member ‘dirty_in’ in something not a structure or union (tls_session->record_plus)(&tls_session->dirty_in, tlspacket->data, tlspacket->dlen)) { ^ src/modules/rlm_eap/libeap/eap_tls.c:821:2: warning: implicit declaration of function ‘SSL_is_init_finished’ [-Wimplicit-function-declaration] if (SSL_is_init_finished(tls_session->ssl)) { ^ src/modules/rlm_eap/libeap/eap_tls.c:821:38: error: request for member ‘ssl’ in something not a structure or union if (SSL_is_init_finished(tls_session->ssl)) { ^ src/modules/rlm_eap/libeap/eap_tls.c:835:17: error: request for member ‘peap_flag’ in something not a structure or union tls_session->peap_flag); ^ src/modules/rlm_eap/libeap/eap_tls.c:841:3: warning: implicit declaration of function ‘tls_application_data’ [-Wimplicit-function-declaration] status = tls_application_data(tls_session, request); ^ src/modules/rlm_eap/libeap/eap_tls.c:848:2: warning: implicit declaration of function ‘eaptls_operation’ [-Wimplicit-function-declaration] status = eaptls_operation(status, handler); ^ src/modules/rlm_eap/libeap/eap_tls.c:851:29: error: request for member ‘ssl’ in something not a structure or union SSL_set_ex_data(tls_session->ssl, FR_TLS_EX_INDEX_REQUEST, NULL); ^ src/modules/rlm_eap/libeap/eap_tls.c: In function ‘eaptls_compose’: src/modules/rlm_eap/libeap/eap_tls.c:899:7: error: ‘FR_TLS_ACK’ undeclared (first use in this function) case FR_TLS_ACK: ^ src/modules/rlm_eap/libeap/eap_tls.c:900:7: error: ‘FR_TLS_START’ undeclared (first use in this function) case FR_TLS_START: ^ src/modules/rlm_eap/libeap/eap_tls.c:901:7: error: ‘FR_TLS_REQUEST’ undeclared (first use in this function) case FR_TLS_REQUEST: ^ src/modules/rlm_eap/libeap/eap_tls.c:904:7: error: ‘FR_TLS_SUCCESS’ undeclared (first use in this function) case FR_TLS_SUCCESS: ^ src/modules/rlm_eap/libeap/eap_tls.c:907:7: error: ‘FR_TLS_FAIL’ undeclared (first use in this function) case FR_TLS_FAIL: ^ src/modules/rlm_eap/libeap/eap_tls.c: At top level: src/modules/rlm_eap/libeap/eap_tls.c:927:1: error: unknown type name ‘fr_tls_server_conf_t’ fr_tls_server_conf_t *eaptls_conf_parse(CONF_SECTION *cs, char const *attr) ^ src/modules/rlm_eap/libeap/eap_tls.c: In function ‘eaptls_conf_parse’: src/modules/rlm_eap/libeap/eap_tls.c:933:2: error: unknown type name ‘fr_tls_server_conf_t’ fr_tls_server_conf_t *tls_conf; ^ src/modules/rlm_eap/libeap/eap_tls.c:968:2: warning: implicit declaration of function ‘tls_server_conf_parse’ [-Wimplicit-function-declaration] tls_conf = tls_server_conf_parse(tls_cs); ^ src/modules/rlm_eap/libeap/eap_tls.c:968:11: warning: assignment makes pointer from integer without a cast [enabled by default] tls_conf = tls_server_conf_parse(tls_cs); ^ src/modules/rlm_eap/libeap/eap_tls.c:976:14: error: request for member ‘fragment_size’ in something not a structure or union if (tls_conf->fragment_size < 100) { ^ src/modules/rlm_eap/libeap/eap_tls.c:987:14: error: request for member ‘fragment_size’ in something not a structure or union if (tls_conf->fragment_size > 4000) { ^ src/modules/rlm_eap/libeap/eap_tls.c:997:10: error: request for member ‘fragment_size’ in something not a structure or union tls_conf->fragment_size -= 10; ^ src/modules/rlm_eap/libeap/eap_tls.c: In function ‘eaptls_verify’: src/modules/rlm_eap/libeap/eap_tls.c:421:1: warning: control reaches end of non-void function [-Wreturn-type] } ^ make: *** [build/objs/src/modules/rlm_eap/libeap/eap_tls.lo] Error 1 [root@freeradius freeradius-server-3.0.8]# ./configure --with-openssl-lib-dir=/usr/local/ssl/lib/ --with-openssl-include-dir=/usr/local/ssl/include/openssl/
On Jul 1, 2015, at 6:44 PM, Kris Armstrong <kris.armstrong@me.com> wrote:
Looks like the 1.0.2c did not install the lib files?
root@freeradius /]# find -iname "openssl" ./etc/pki/ca-trust/extracted/openssl ./root/openssl ./usr/bin/openssl ./usr/lib64/openssl ./usr/local/ssl/bin/openssl ./usr/local/ssl/include/openssl ./usr/src/openssl-1.0.2c/apps/openssl ./usr/src/openssl-1.0.2c/include/openssl
On Jul 1, 2015, at 6:29 PM, Arran Cudbard-Bell < a.cudbardb@freeradius.org> wrote:
On 1 Jul 2015, at 20:15, Kris Armstrong <kris.armstrong@me.com> wrote:
I’m not sure why its checking for openssl .0.9.7
Command Used /configure --with-openssl-lib-dir=/usr/src/openssl-1.0.2c/ --with-openssl-include-dir=/usr/src/openssl-1.0.2c/
Those would usually have lib/ and include/ on the end.
-Arran
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (3)
-
Arran Cudbard-Bell -
Jorge Pereira -
Kris Armstrong