[RADIATOR] RADSEC error after upgrade from Radiator 4.3.1 to Radiator 4.4

Heikki Vatiainen hvn at archred.com
Wed Sep 9 09:14:15 CDT 2009


Patrick Renkens wrote:

> Today I upgraded Radiator from 4.3.1 to 4.4 on a SUN Solaris 5.9 system.
> After the upgrade the RADSEC connection over IPv6 did not work properly
> any more. See a piece of the logging below.
> No changes were made to the config files.
> I know that Net_SSLeay.pm is a module that can be a pain in the neck, we
> use version 1.30.

Do you have the latest patch set for 4.4 applied?

I was working on RadSec configuration on june-july and noticed also some 
problems with 4.4 that was not patched. One of the problem was with 
certificate verification.

 From the debug it looks like you have at least some of the patches 
installed (looks familiar :), but the interesting parts have been cut away.

If you are patched to the latest, please see TLS_ExpectedPeerName for 
both Server and AuthBy RADSEC. On one it is unspecified, and on the 
other it defaults to .+, i.e., allow any.

In summary my advice is to check the above keywords and check the 
"Certificate verification" chapters for both Server and AuthBy RADSEC. 
The verification works a bit differently between them, but with the 
latest patches it should work as documented.

> I had to revert to 4.3.1 to make things work again (without changing
> config files).
> 
> Any help is appreciated.

I hope this helps!

-- 
Heikki Vatiainen, Arch Red Oy
+358 44 087 6547


More information about the radiator mailing list