FreeRadius and OpenSSL 1.0.2

Dave Duchscher daved at nostrum.com
Tue Mar 24 15:45:46 CET 2015


On Mar 23, 2015, at 12:10 PM, Alan DeKok <aland at deployingradius.com> wrote:
> 
> On Mar 23, 2015, at 10:20 AM, Dave Duchscher <daved at nostrum.com> wrote:
> 
>> I am testing FreeRadius with OpenSSL 1.0.2 and noticed a strange issue.  TTLS-MSCHAPv2 fails.  PEAP and TTLS-(PAP, CHAP, MSCHAPv1) all work.  The error that stands out is 'Invalid ACK received: 0'.  I get this on both 2.2.6 and 3.0.7.
>> 
>> 2.2.6
>> Mon Mar 23 08:40:09 2015 : Info: [ttls] Authenticate
>> Mon Mar 23 08:40:09 2015 : Info: [ttls] processing EAP-TLS
>> Mon Mar 23 08:40:09 2015 : Info: [ttls] Received TLS ACK
>> Mon Mar 23 08:40:09 2015 : Info: [ttls] ACK default
>> Mon Mar 23 08:40:09 2015 : Error: [ttls] Invalid ACK received: 0
> 
>  Ug.  That’s ContentType 0.  See http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-5
> 
>  It’s unassigned.  Why the heck is the client sending that?

This was from eapol_test from wpa_supplicant.  Not sure of the version.  I pulled down wpa_supplicant 2.4 and the issue has disappeared.  Weird that it showed up with the newer version of openssl.

My apologies for the noise.

>> I am assuming this is a problem with FreeBSD's OpenSSL 1.0.2 port but wanted to ask if anybody else has seen issues with the latest OpenSSL version?
> 
>  Nope.

--
Dave



