Radius dies, on certificate verification

Robert Myers ccrider at whiterose.net
Sat Sep 16 19:25:53 CEST 2006 

I'm wondering if anyone else has seen this.

My setup is as follows, Seimens controller doing .1x auth, EAP-TLS

Both requests are from different users, and what I have now, is set 
max_requests_per_server to 300

Doesn't seem to have helped, as radwatch is reporting that another 
radiusd died....

Could this simply be an error with the specific certificates?  I haven't 
looked at it long enough to determine if the same two or three requests 
are killing radiusd...

I got the following when running radiusd -X with openssl .0.9.7c on 
gentoo, radius 1.1.1-r1

  modcall[authorize]: module "sql" returns notfound for request 14091
modcall: leaving group authorize (returns updated) for request 14091
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14091
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake is finished
  eaptls_verify returned 3
  eaptls_process returned 3
  rlm_eap: Freeing handler
*** glibc detected *** free(): invalid pointer: 0x0b415350 ***
Aborted

I had thought that perhaps this was an error with openssl , so I 
recompiled, with 0.9.8 openssl on gentoo, radiusd 1.1.1-r1

and now I get this.

  modcall[authorize]: module "sql" returns notfound for request 13856
modcall: leaving group authorize (returns updated) for request 13856
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 13856
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0297], Certificate 
Segmentation fault

More information about the Freeradius-Users mailing list