strange behavior when EAP is enabled?

Coy Hile coy.hile at coyhile.com
Mon Dec 23 03:48:01 CET 2019



> On Dec 22, 2019, at 12:08 PM, Alan DeKok <aland at deployingradius.com> wrote:
> 
> On Dec 20, 2019, at 6:27 PM, Coy Hile <coy.hile at coyhile.com> wrote:
>> And, for posterity’s sake, I found the solution here.  The server.pem file created by the bootstrap script looks thus:
>> 
>> ```
>> Bag Attributes
>> localKeyID: ...
>> issuer=...
>> -----BEGIN CERTIFICATE-----
>> ...
>> -----END CERTIFICATE-----
>> Bag Attributes
>> more garbage...
>> -----BEGIN ENCRYPTED PRIVATE KEY-----
>> ...
>> -----END ENCRYPTED PRIVATE KEY-----
>> ```
> 
>  Hmm... that's terrible.  I think OpenSSL changed that a while back.  It's a fairly stupid thing to do, IMHO.  If I want the PEM file, I don't care about extra garbage being printed.
> 
>> Once I moved the private key to the top of the file (and removed the Bag attributes information (which I haven’t seen before)), ending up with the server.pem looking thus:
>> 
>> ```
>> -----BEGIN ENCRYPTED PRIVATE KEY-----
>> ...
>> -----END ENCRYPTED PRIVATE KEY-----
>> -----BEGIN CERTIFICATE-----
>> ...
>> -----END CERTIFICATE-----
>> ```
>> 
>> the world is good to go.
> 
>  That's good to hear.  It's not clear why OpenSSL reads the file one mode but not the other.
> 
>  Alan DeKok.


I’ll check later in the week when I’m off to see whether something needs tweaked in the bootstrap and send a PR your way if so.

I agree it’s pretty terrible, but it is OpenSSL after all. Said only slightly tongue-in-cheek.


--
Coy Hile
coy.hile at coyhile.com
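
The manual edit described in the quoted message (strip the Bag Attributes lines, put the private key ahead of the certificate) as a repeatable script. This is an added example, not code from the thread or from the FreeRADIUS bootstrap; `pem_key_first` and `write_sample` are hypothetical names and the sample PEM bodies are constructed placeholders.

```shell
#!/bin/sh
# Added example; pem_key_first and write_sample are hypothetical helpers,
# not part of FreeRADIUS or its bootstrap script.

# Print the PEM blocks of bundle $1 with private key(s) first, then
# certificate(s). Lines outside BEGIN/END markers (Bag Attributes,
# localKeyID, issuer=...) are dropped. Fails if either kind is missing.
pem_key_first() {
    awk '
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            inblock = 1
            iskey = ($0 ~ /PRIVATE KEY-----$/)
        }
        inblock {
            if (iskey) keys = keys $0 "\n"
            else       certs = certs $0 "\n"
        }
        /^-----END [A-Z0-9 ]+-----$/ { inblock = 0 }
        END {
            if (keys == "" || certs == "") {
                print "pem_key_first: need a key and a certificate" > "/dev/stderr"
                exit 1
            }
            printf "%s%s", keys, certs
        }
    ' "$1"
}

# Constructed sample in the layout quoted above (placeholder bodies).
write_sample() {
    cat > "$1" <<'EOF'
Bag Attributes
    localKeyID: 00 11 22 33
issuer=CN = Constructed Example CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0VSVA==
-----END CERTIFICATE-----
Bag Attributes
    localKeyID: 00 11 22 33
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ
-----END ENCRYPTED PRIVATE KEY-----
EOF
}

umask 077                       # the output holds a private key
demo=$(mktemp -d)
write_sample "$demo/server.pem"
pem_key_first "$demo/server.pem" > "$demo/server.fixed.pem"
grep '^-----' "$demo/server.fixed.pem"   # markers only, key block first
rm -rf "$demo"
```

Write the result to a new file and swap it in only after the function returns success, so a bundle missing its key or certificate never replaces a working server.pem.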






