[RADIATOR] TLS_CertificateChainFile within ServerRADSEC not working?

Jan Tomasek jan at tomasek.cz
Thu Apr 16 04:31:34 CDT 2015


Hello,

I'm trying to configure ServerRADSEC to send the certificate chain but it won't
work :(

<ServerRADSEC>
        Secret                   mysecret
        BindAddress              ::,0.0.0.0

        UseTLS
        TLS_CAFile               /etc/radiator/trusted-CA.pem
        TLS_CertificateType      PEM
        TLS_CertificateFile      /etc/ssl/certs/eduroom.cesnet.cz.crt
        TLS_PrivateKeyFile       /etc/ssl/private/eduroom.cesnet.cz.key
        TLS_CertificateChainFile /etc/ssl/certs/TERENA_SSL_CA_2.pem


root@eduroom:/var/log/arch/radiator# cat /etc/ssl/certs/TERENA_SSL_CA_2.pem

When a client connects, Radiator prints:

> Thu Apr 16 11:29:29 2015: DEBUG: Stream connected to 2001:718:1:6:ea94:f6ff:fe33:651e:60211
> Thu Apr 16 11:29:29 2015: DEBUG: StreamTLS sessionInit for 2001:718:1:6:ea94:f6ff:fe33:651e
> Thu Apr 16 11:29:29 2015: ERR: StreamTLS could not create SSL: Net::SSLeay::new failed:  17482: 1 - error:140BA0C3:SSL routines:SSL_new:null ssl ctx
> ,Inappropriate ioctl for device
> Thu Apr 16 11:29:29 2015: DEBUG: New StreamServer Connection created for 2001:718:1:6:ea94:f6ff:fe33:651e:60211
> Thu Apr 16 11:29:29 2015: DEBUG: Stream connected to 2001:718:e:0:ea94:f6ff:fe3f:68d8:32903
> Thu Apr 16 11:29:29 2015: DEBUG: StreamTLS sessionInit for 2001:718:e:0:ea94:f6ff:fe3f:68d8
> Thu Apr 16 11:29:29 2015: ERR: StreamTLS could not create SSL: Net::SSLeay::new failed:  17482: 1 - error:140BA0C3:SSL routines:SSL_new:null ssl ctx
> ,Inappropriate ioctl for device
> Thu Apr 16 11:29:29 2015: DEBUG: New StreamServer Connection created for 2001:718:e:0:ea94:f6ff:fe3f:68d8:32903
> Thu Apr 16 11:29:30 2015: DEBUG: Stream connected to 195.113.187.22:46764
> Thu Apr 16 11:29:30 2015: DEBUG: StreamTLS sessionInit for 195.113.187.22
> Thu Apr 16 11:29:30 2015: ERR: StreamTLS could not create SSL: Net::SSLeay::new failed:  17482: 1 - error:140BA0C3:SSL routines:SSL_new:null ssl ctx
> ,Inappropriate ioctl for device

Without TLS_CertificateChainFile everything works fine.

Thanks for any help
-- 
-----------------------
Jan Tomasek aka Semik
http://www.tomasek.cz/

