No SSL info available. Waiting for more SSL data with Red Hat 7.1
Dick
dm at chello.nl
Wed Jul 13 21:35:12 CEST 2005
Alan DeKok <aland <at> ox.org> writes:
> I would suggest going through the debug logs for the two different
> servers, and comparing the packets in detail. Find out what the
> differences are, and why. That will tell you what's going on.
the problems start with the following difference:
from glibc-2.2 radius:
rlm_eap_tls: Length Included
eaptls_verify returned 11
TLS_accept: SSLv3 read client key exchange A
TLS_accept: SSLv3 read finished A
TLS_accept: SSLv3 write change cipher spec A
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
from glibc-2.3 radius:
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
> Are you *sure* that the only differences in the two installations is
> glibc? Maybe there's incompatible OpenSSL versions?
The captured packets are completely different, the glibc-2.2 capture contains a
NAS identifier, NAS Port, Framed MTU, NAS Port Type in the Access Request but
the glibc-2.3 capture seems to lack this information. While the request came
from the same accesspoint! (with an other radius server configured)
Does this ring a bell?
Thanks so far,
greetings
Dick
More information about the Freeradius-Users
mailing list