Server stopped responding, throwing multiple SSL-related errors
Alan DeKok
aland at deployingradius.com
Mon Oct 23 20:40:00 CEST 2006
"Ben Beuchler" <insyte at gmail.com> wrote:
> I'm running FreeRADIUS 1.1.2 on Ubuntu. This morning one of the two
> servers stopped answering requests. The radius log contained
> thousands of lines like these:
>
> Mon Oct 23 12:32:56 2006 : Error: TLS Alert write:fatal:illegal parameter
> Mon Oct 23 12:32:56 2006 : Error: TLS_accept:error in SSLv3 read
> certificate verify A
> Mon Oct 23 12:32:56 2006 : Error: rlm_eap: SSL error
> error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size
Hmm... looking at google:
http://stunnel.mirt.net/pipermail/stunnel-users/2004-September/000037.html
See also
https://mail.internet2.edu/wws/arc/shibboleth-users/2004-01/msg00124.html
Unfortunately, OpenSSL doesn't really give useful error messages.
> Restarting radiusd fixed it.
That says to me there's a memory corruption issue.. maybe
back-porting the thread locks from CVS head to 1.1.x would help.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list