Certificate problem between 3.0.11 and 3.1.x

Arran Cudbard-Bell a.cudbardb at freeradius.org
Sat Mar 19 15:00:13 CET 2016


> On 19 Mar 2016, at 00:10, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
> 
>> 
>> On 18 Mar 2016, at 23:22, Matthew Newton <mcn4 at leicester.ac.uk> wrote:
>> 
>> On Fri, Mar 18, 2016 at 12:02:40PM +0000, Matthew Newton wrote:
>>> On Fri, Mar 18, 2016 at 09:23:20AM +0000, Scott Armitage wrote:
>>>> Alan Buxey and myself have spent some time and believe we have tracked down the commit which broke EAP:
>>>> 
>>>> commit 8a7f6e330f45439d333f61dde7ee0982ebcc2a29
>>>> Author: Arran Cudbard-Bell <a.cudbardb at freeradius.org>
>>>> Date:   Sun Dec 6 00:34:21 2015 -0500
>>>> 
>>>>   Add additional debugging so we can track TLS fragments sent
>>> 
>>> Hmm. If that's the case, then the bug is probably to do with the
>>> length included flag and the length of the packet.
>> 
>> Close. Think I may have found it. Have found the differences,
>> anyway.

Finished poking for today.  If you run with radiusd -Xx you should now see improved
debug output.

Upping fragment_len on the inner eap module didn't make any difference.  It seem to
be an issue with sending large amounts of application data in the outer TLS tunnel
after handshaking has completed.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160319/fa922ade/attachment.sig>


More information about the Freeradius-Users mailing list