seg. fault with eap/tls and wrong certificate

Markus Krause krause at biochem.mpg.de
Thu Aug 11 23:50:39 CEST 2005


hi all!

i am trying to set up eap/tls using freeradius (1.0.4, on debian sarge, built
package with option -disable-shared) and ran into the following problem:
if i am using the wrong certificate (both client and server certs were built
like the ones in the freeradius package using adapted CA.certs) freeradius
crashes!

the last lines of the output from "freeradius -X -A -s" are:

-----8<-----
rad_recv: Access-Request packet from host 192.168.0.5:1028, id=35, length=167
        User-Name = "test"
        NAS-IP-Address = 192.168.0.5
        NAS-Identifier = "Hawalius"
        Framed-MTU = 1496
        Called-Station-Id = "00-a0-c5-d1-03-15"
        Calling-Station-Id = "00-30-65-16-7d-49"
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020800250d800000001b1503010016cfbdb541e440865ba84b325309cdc5ad9d36af5784ff
        State = 0x0d56c72289ea3a6f6b45a070acc255db
        Message-Authenticator = 0x926e442107d8167882c136d983905804
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
  modcall[authorize]: module "preprocess" returns ok for request 15
  modcall[authorize]: module "chap" returns noop for request 15
  modcall[authorize]: module "mschap" returns noop for request 15
  rlm_eap: EAP packet type response id 8 length 37
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 15
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 15
modcall: group authorize returns updated for request 15
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 060b], Certificate
--> verify error:num=26:unsupported certificate purpose
chain-depth=0,
error=26
Segmentation fault
----->8-----

actually i am not sure i have everything configured correctly because i get an
access-accept reply regardless of username and password but with the 'correct'
certificate.

btw: the client is a mac os x 10.3.9

any ideas anyone??

thanks in advance for any hint!

   markus

--
Markus Krause                           email: krause at biochem.mpg.de
Computing Center                        Tel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics           Fax.: 089 - 89 40 85 98
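
Added example, not part of the original post and not FreeRADIUS code: a decoder for the EAP-Message attribute shown in the debug output above, following the EAP-TLS packet layout of RFC 5216 (code, identifier, length, type 13, flags, optional TLS Message Length, then TLS records). The function name and dictionary keys are hypothetical; the decoded fields line up with the log lines "EAP packet type response id 8 length 37" and "Length Included".

```python
import struct

# EAP-Message value copied from the Access-Request in the debug output above.
EAP_MESSAGE_HEX = ("0x020800250d800000001b1503010016cfbdb541e440865b"
                   "a84b325309cdc5ad9d36af5784ff")

EAP_CODES = {1: "request", 2: "response", 3: "success", 4: "failure"}
EAP_TYPE_TLS = 13
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}


def parse_eap_tls(hex_value):
    """Decode the EAP header, EAP-TLS flags and outer TLS record headers."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    data = bytes.fromhex(text)
    if len(data) < 4:
        raise ValueError("shorter than an EAP header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length != len(data):
        raise ValueError(f"EAP length field {length} != {len(data)} bytes present")
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code not in (1, 2) or length < 6 or data[4] != EAP_TYPE_TLS:
        return out  # not an EAP-TLS request/response; nothing more to decode
    flags, pos = data[5], 6
    out.update(length_included=bool(flags & 0x80),   # L flag
               more_fragments=bool(flags & 0x40),    # M flag
               start=bool(flags & 0x20),             # S flag
               tls_message_length=None, records=[])
    if out["length_included"]:
        if length < 10:
            raise ValueError("L flag set but TLS Message Length is missing")
        out["tls_message_length"] = struct.unpack("!I", data[6:10])[0]
        pos = 10
    # Walk TLS record headers only; payloads are left untouched. This is
    # meaningful for a fragment that starts a TLS message, as this one does.
    while pos + 5 <= length:
        ctype, major, minor, rec_len = struct.unpack("!BBBH", data[pos:pos + 5])
        out["records"].append({
            "type": TLS_CONTENT_TYPES.get(ctype, ctype),
            "version": (major, minor), "length": rec_len,
            "complete": pos + 5 + rec_len <= length})
        pos += 5 + rec_len
    return out


if __name__ == "__main__":
    for key, value in parse_eap_tls(EAP_MESSAGE_HEX).items():
        print(f"{key}: {value}")
```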
