strange behavior when EAP is enabled?
Coy Hile
coy.hile at coyhile.com
Mon Dec 23 03:48:01 CET 2019
> On Dec 22, 2019, at 12:08 PM, Alan DeKok <aland at deployingradius.com> wrote:
>
> On Dec 20, 2019, at 6:27 PM, Coy Hile <coy.hile at coyhile.com> wrote:
>> And, for posterity’s sake, I found the solution here. The server.pem file created by the bootstrap script looks thus:
>>
>> ```
>> Bag Attributes
>> localKeyID: ...
>> issuer=...
>> -----BEGIN CERTIFICATE-----
>> ...
>> -----END CERTIFICATE-----
>> Bag Attributes
>> more garbage...
>> -----BEGIN ENCRYPTED PRIVATE KEY-----
>> ...
>> -----END ENCRYPTED PRIVATE KEY-----
>> ```
>
> Hmm... that's terrible. I think OpenSSL changed that a while back. It's a fairly stupid thing to do, IMHO. If I want the PEM file, I don't care about extra garbage being printed.
>
>> Once I moved the private key to the top of the file (and removed the Bag attributes information (which I haven’t seen before)), ending up with the server.pem looking thus:
>>
>> ```
>> -----BEGIN ENCRYPTED PRIVATE KEY-----
>> ...
>> -----END ENCRYPTED PRIVATE KEY-----
>> -----BEGIN CERTIFICATE-----
>> ...
>> -----END CERTIFICATE-----
>> ```
>>
>> the world is good to go.
>
> That's good to hear. It's not clear why OpenSSL reads the file one mode but not the other.
>
> Alan DeKok.
I’ll check later in the week when I’m off to see whether something needs tweaked in the bootstrap and send a PR your way if so.
I agree it’s pretty terrible, but it is OpenSSL after all. Said only slightly tongue-in-cheek.
--
Coy Hile
coy.hile at coyhile.com
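
The manual cleanup described in this thread (drop the "Bag Attributes" lines, put the private key ahead of the certificate) can be scripted. The following is an added example, not part of the original posts or of the FreeRADIUS bootstrap script; the function name `normalize_pem` is hypothetical and the sample input is constructed with placeholder bodies.

```python
import re
import sys

# One PEM block; the backreference makes the BEGIN and END labels agree.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?\r?\n-----END \1-----",
    re.DOTALL,
)

# Constructed sample in the layout quoted above (bodies are placeholders).
SAMPLE_BOOTSTRAP_PEM = """\
Bag Attributes
    localKeyID: 01 02 03 04
subject=CN = constructed.example
issuer=CN = constructed.example CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgQ0VSVA==
-----END CERTIFICATE-----
Bag Attributes
    localKeyID: 01 02 03 04
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQgS0VZ
-----END ENCRYPTED PRIVATE KEY-----
"""


def normalize_pem(text):
    """Keep only PEM blocks: private key(s) first, then the rest in order."""
    keys, others = [], []
    for match in PEM_BLOCK.finditer(text):
        block = match.group(0).replace("\r\n", "\n")
        # Covers PRIVATE KEY, ENCRYPTED PRIVATE KEY, RSA PRIVATE KEY, ...
        if match.group(1).endswith("PRIVATE KEY"):
            keys.append(block)
        else:
            others.append(block)
    if not keys:
        raise ValueError("no private key block found")
    if not others:
        raise ValueError("no certificate block found")
    # Everything outside a BEGIN/END pair (Bag Attributes, subject=, ...) is dropped.
    return "\n".join(keys + others) + "\n"


if __name__ == "__main__":
    # Filter mode: read the combined PEM on stdin, write the cleaned one to stdout.
    sys.stdout.write(normalize_pem(sys.stdin.read()))
```

The output still contains the private key, so write it to a file with the same restrictive permissions as the original server.pem.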