EAP-TLS local issuer cert problem

Alan DeKok aland at deployingradius.com
Mon Dec 21 20:08:26 CET 2020


On Dec 21, 2020, at 1:58 PM, Kostya Berger via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> Hi, seems like I poorly expressed my problem in my previous message, sorry for that.
> I seem to experience a bug in the OpenBSD pkg of Freeradius 3.0.21. Server denies access to client with good certs. These work perfectly well in an absolutely identical installation on FreeBSD...

  It's a bug in either (a) the OpenBSD package of FreeRADIUS, or (b) libreSSL on OpenBSD.

  There really isn't much we can do to fix it.  If it works on FreeBSD and not on OpenBSD, then the problem is OpenBSD.

> And I can't understand what's happening. It verifies the cert, says OK. But then verifies again and says NOT OK. Looks like the second time temp. file it's trying to read is already removed....  or what?
> OpenBSD ktrace output of #radiusd -X session is attached, hope it will help. It's in text format.

  Build FreeRADIUS from source on OpenBSD.  i.e. don't use their package.  If you still see the problem, then libreSSL is broken.  If you don't see the problem, then the OpenBSD people patched FreeRADIUS and broke it.

  Alan DeKok.




