(RADIATOR) BUG? EAP TLS hangs

Mike McCauley mikem at open.com.au
Mon Jun 30 18:38:48 CDT 2003


Hello all,


On Tue, 1 Jul 2003 04:27 am, Ken Wolstencroft wrote:
> Hi Denis,
>
> I had the same problem and spent ages recompiling OpenSSL with all the ssl
> version work arounds etc.
>
> The way I finally solved it was to add the following to the EAPTLS AuthBy:
>
> EAPTLS_SessionResumption 0
>
> Can anyone suggest why this happens in the first place and why stopping
> session resumption seems to solve the problem.

We made a patch recently for a similar issue. It occured after a failed 
attempt to resume a session, so thats why setting EAPTLS_SessionResumption 0 
fixed it.

Cheers.

>
> All the best,
> Ken
> MyZones Ltd
>
> ----- Original Message -----
> From: "Denis Pavani" <d.pavani at cineca.it>
> To: <radiator at open.com.au>
> Sent: Monday, June 30, 2003 4:44 PM
> Subject: (RADIATOR) BUG? EAP TLS hangs
>
> > Hello, I got a strange behaviour from Radiator 3.6, on Solaris with
> > OpenSSL 0.9.7a
> > Most of time, all authentication are OK, but sometimes EAP-TLS stop
> > working, and gives errors as below.
> > Restarting the daemon (sending an HUP signal does not work, I must kill
> > process and restart) fixes the situation.
> > Any idea?
> >
> > Mon Jun 30 17:30:17 2003: DEBUG: Handling with Radius::AuthLDAP2:
> > Mon Jun 30 17:30:17 2003: DEBUG: Handling with EAP: code 2, 33, 98
> > Mon Jun 30 17:30:17 2003: DEBUG: Response type 13
> > Mon Jun 30 17:30:17 2003: ERR: EAP TLS error: -1, 1, 24576,  10385: 1 -
> > error:14
> > 0A4044:SSL routines:SSL_clear:internal error
> >  10385: 2 - error:14080044:SSL routines:SSL3_ACCEPT:internal error
> >
> > Mon Jun 30 17:30:17 2003: DEBUG: Handling with Radius::AuthFILE:
> > Mon Jun 30 17:30:17 2003: DEBUG: Handling with EAP: code 2, 33, 98
> > Mon Jun 30 17:30:17 2003: DEBUG: Response type 13
> > Mon Jun 30 17:30:17 2003: ERR: EAP TLS error: -1, 1, 24576,  10385: 1 -
> > error:14
> > 0A4044:SSL routines:SSL_clear:internal error
> >  10385: 2 - error:14080044:SSL routines:SSL3_ACCEPT:internal error
> >
> > Mon Jun 30 17:30:17 2003: INFO: Access rejected for d.pavani at cineca.it:
> > EAP TLS
> > error
> >
> > --
> > ************************************************************************
> > Denis Pavani
> >
> > CINECA    -    Comunicazioni e Sistemi Distribuiti
> > NOC - Network Operations Center
> >
> > phone:+39 0516171953 / fax:+39 0516132198
> > http://www.cineca.it
> > ************************************************************************
> >  "Siamo pagati per adattarci, improvvisare e raggiungere lo scopo"
> >   -- Gunny Highway
> >
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.493 / Virus Database: 292 - Release Date: 6/25/2003
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list