[RADIATOR] RADSEC error after upgrade from Radiator 4.3.1 to Radiator 4.4
Heikki Vatiainen
hvn at archred.com
Wed Sep 9 09:14:15 CDT 2009
Patrick Renkens wrote:
> Today I upgraded Radiator from 4.3.1 to 4.4 on a SUN Solaris 5.9 system.
> After the upgrade the RADSEC connection over IPv6 did not work properly
> any more. See a piece of the logging below.
> No changes were made to the config files.
> I know that Net_SSLeay.pm is a module that can be a pain in the neck, we
> use version 1.30.
Do you have the latest patch set for 4.4 applied?
I was working on RadSec configuration on june-july and noticed also some
problems with 4.4 that was not patched. One of the problem was with
certificate verification.
From the debug it looks like you have at least some of the patches
installed (looks familiar :), but the interesting parts have been cut away.
If you are patched to the latest, please see TLS_ExpectedPeerName for
both Server and AuthBy RADSEC. On one it is unspecified, and on the
other it defaults to .+, i.e., allow any.
In summary my advice is to check the above keywords and check the
"Certificate verification" chapters for both Server and AuthBy RADSEC.
The verification works a bit differently between them, but with the
latest patches it should work as documented.
> I had to revert to 4.3.1 to make things work again (without changing
> config files).
>
> Any help is appreciated.
I hope this helps!
--
Heikki Vatiainen, Arch Red Oy
+358 44 087 6547
More information about the radiator
mailing list