HUP stops radiusd
John Horne
john.horne at plymouth.ac.uk
Tue May 15 16:30:25 CEST 2007
On Mon, 2007-05-14 at 22:56 +0200, Alan DeKok wrote:
> John Horne wrote:
> ...
> > Mon May 14 13:38:54 2007 : Info: rlm_eap_tls: Loading the certificate
> > file as a chain
> > Mon May 14 13:38:54 2007 : Error: rlm_eap: SSL error error:0906D06C:PEM
> > routines:PEM_read_bio:no start line
>
> Ah.... I think what's happening is that OpenSSL is caching the file
> from the last time it was read. So the server starts, and reads 1
> certificate from the file. OpenSSL leaves the file open, or remembers
> where it left off. When FreeRADIUS asks OpenSSL to read the file again,
> OpenSSL continues from where it left off, rather than starting from the
> beginning of the file.
>
Well I like the explanation, but unfortunately it doesn't work. Radiusd
still dies at the first HUP.
However, one thing I have noticed is that if I start Freeradius up
from /etc/init.d (this is a CentOS server so I used 'service radiusd
start'), then I can HUP the daemon once and it stays running. HUP it a
second time and it fails (this is with one certificate in the file). If
I start Freeradius as '/usr/sbin/radiusd -X', and HUP it, then it fails
straight away. In both cases the failure messages are the same as those
originally reported.
John.
--
---------------------------------------------------------------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: John.Horne at plymouth.ac.uk Fax: +44 (0)1752 233839
More information about the Freeradius-Users
mailing list