Migrating to a new server from 2.x to 3.0.4 CentOS 7

Kris Armstrong kris.armstrong at me.com
Wed Jul 1 23:43:32 CEST 2015 

Hi Jorge,

I attempted to upgrade to V3.0.8 however i’m getting this message

checking for DH_new in -lcrypto... no
checking for DH_new in -lcrypto in /usr/local/lib... no
checking for DH_new in -lcrypto in /opt/lib... no
configure: error: in `/home/freeradius-server-3.0.8':
configure: error: failed linking to libcrypto. Use --with-openssl-lib-dir=<path>, or --with-openssl=no (builds without OpenSSL)
See `config.log' for more details


Checking the user/lib64 I have 

[root at freeradius lib64]# pwd
/usr/lib64
[root at freeradius lib64]# ls libcry*
libcrypt-2.17.so  libcrypto.so.10  libcrypto.so.1.0.1e  libcryptsetup.so.4  libcryptsetup.so.4.6.0  libcrypt.so  libcrypt.so.1
[root at freeradius lib64]#

So I tried 

[root at freeradius freeradius-server-3.0.8]# ./configure --with-openssl-lib-dir=/usr/lib64

And I got these results
checking for DH_new in -lcrypto in /usr/lib64... no
checking for DH_new in -lcrypto... no
checking for DH_new in -lcrypto in /usr/local/lib... no
checking for DH_new in -lcrypto in /opt/lib... no
configure: error: in `/home/freeradius-server-3.0.8':
configure: error: failed linking to libcrypto. Use --with-openssl-lib-dir=<path>, or --with-openssl=no (builds without OpenSSL)
See `config.log' for more details

Perhaps i’m misunderstanding the error message




> On Jul 1, 2015, at 3:12 PM, Jorge Pereira <jpereiran at gmail.com> wrote:
> 
> Please,
> 
> try the 3.0.8 or build from the HEAD
> 
> --
> Jorge Pereira
> 
> On Wed, Jul 1, 2015 at 5:58 PM, Kris Armstrong <kris.armstrong at me.com>
> wrote:
> 
>> Hi,
>> 
>> I have migrated my root CA and free radius configs from FreeRadius 2.x to
>> 3.0.4 on CentOS7.  I’m receiving the following messages when attempting to
>> authenticate the client with EAP/TLS.  PEAP/MSCHPv2 works perfect.
>> 
>> I have tried to recreate the ROOT CA and Client cert but that produces the
>> same error message.  I’m not sure where to go from here.
>> 
>> (6)  eap_tls : <<< TLS 1.0 Handshake [length 03d4], Certificate
>> --> verify error:num=20:unable to get local issuer certificate
>> (6)  ERROR: eap_tls : SSL says error 20 : unable to get local issuer
>> certificate
>> (6)  eap_tls : >>> TLS 1.0 Alert [length 0002], fatal unknown_ca
>> (6)  ERROR: eap_tls : TLS Alert write:fatal:unknown CA
>> tls: TLS_accept: Error in SSLv3 read client certificate B
>> (6)  ERROR: eap_tls : SSL says: error:140890B2:SSL
>> routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
>> SSL: SSL_read failed in a system call (-1), TLS session fails.
>> TLS receive handshake failed during operation
>> (6)  eap_tls : eaptls_process returned 4
>> (6)  ERROR: eap : Failed continuing EAP TLS (13) session. EAP sub-module
>> failed
>> (6)  eap : Failed in EAP select
>> (6)   [eap] = invalid
>> (6)  } #  authenticate = invalid
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list