reauth-problem with WPA2-tls
Alan DeKok
aland at deployingradius.com
Mon Jun 7 23:03:40 CEST 2010
Andreas Hartmann wrote:
> Problem is fixed! Your missing a ssl-option when setting up SSL. Since
> SSL version 0.9.8j, openssl supports stateless session resumption. This
> means, no session_id is created in the server, if both, client and
> server, support it.
>
> I'm using on both sides openssl 0.9.8k, the server generates no
> session-key (which you need for saving resume-data).
>
> See: http://www.mail-archive.com/openssl-users@openssl.org/msg56976.html.
All I can say is that is one of the *worst* poorly documented changes
in behavior I have ever seen. They could have made the default to be no
change in behavior, but no...
> Setting
>
> ctx_options |= SSL_OP_NO_TICKET ;
>
> in rlm_eap_tls.c
I've added the fix, thanks.
> is needed, to get a working sessionhandling in freeradius with openssl >
> 0.9.8i.
>
> It was good to have a lot of comments in the code and to have a lot of
> debug messages. So I could follow what's going on in detail.
That's good to hear.
Alan DeKok.
More information about the Freeradius-Users
mailing list