'Re: Failed in SSLv3 read client certificate A'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Failed in SSLv3 read client certificate A
From:       Arran Cudbard-Bell <a.cudbardb () freeradius ! org>
Date:       2016-06-18 23:50:27
Message-ID: 0DB0E56D-7227-4B86-B52A-8DE20A918D55 () freeradius ! org
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


> On 18 Jun 2016, at 14:00, Michael Martinez <mwtzzz@gmail.com> wrote:
> 
> On Fri, Jun 17, 2016 at 1:26 PM, Alan DeKok <aland@deployingradius.com> wrote:
>> 
>>> On Jun 17, 2016, at 4:23 PM, Michael Martinez <mwtzzz@gmail.com> wrote:
>>> 
>>> We really need to get this working. We're stumped on it. Anybody have
>>> any thoughts?
>> 
>>  Set disable_tlsv1_2 in the EAP module.
> 
> Maybe slightly off-topic, but how do I find which ssl library my
> freeradius server is compiled with? I do:
> root@2-rpi:/usr/local/freeradius/etc/raddb# ldd
> /usr/local/freeradius/sbin/radiusd
>        /usr/lib/arm-linux-gnueabihf/libcofi_rpi.so (0xb6f7e000)
>        libfreeradius-server.so =>
> /usr/local/freeradius/lib/libfreeradius-server.so (0xb6f4e000)
>           .....<snip>
> 
> But nothing about ssl libraries shows up there.
> 
> I do: strings /usr/local/freeradius/sbin/radiusd | grep -iE "openssl.*1"
> and I see a lot of references to openssl 1.0.2.f:
> Diffie-Hellman part of OpenSSL 1.0.2f  28 Jan 2016
> 
> so, pretty clear it's compiled against 1.0.2.f. But out of curiosity
> is there a way to definitely find out?

/usr/local/freeradius/sbin/radiusd -v

Is more accurate than using ldd.  It calls a version function in OpenSSL
to get the version, it doesn't use compile time macros.


> And, it seems "disable_tlsv1_2" was added as a way to get around some
> problems with older versions of openssl. But will it actually help in
> my case?

Probably not.  But just in case the apple supplicant is broken its worth trying.

-Arran

Arran Cudbard-Bell <a.cudbardb@freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2


["signature.asc" (signature.asc)]

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.28
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJXZd5DAAoJEP+k1YKfttfK5DAQAJYdwoQpdMTvf+a+DJxhhYev
6x461PYZEDyjBpbJZR00pp9zZLOxxV67vaWLXwzKvw4enIJhet/vSrq58oM0K7lU
/C0PF4O9ySU2M1pHoHJpcLECbrSI9FinrVu+8N0WAVwPwHUOzmTThpa9sozTEafP
QCZmtqKrcLqwjeL7anUAuV+lb4ORh4590FMQge4e6QDGdwQzAK1dszozoOzsjZns
q3J6AoQdaG39m9ahjQAyHnLOTCZ0QcpnOEdNWjOeto/4ySRpwWVXC4W3sNtlcSZP
9ryL1fZ6alR7aK+YhgfQsemBh2jBupIydwGT9rScN8HhsVX4b+IijLBShzRvXimN
8Pge1jemwhLlK//OCIqAzfvoRZAdHYMzgPfIX14jLtMgg4K2ledqMivzM8jS6Re/
UbcvMQICyuntLih8LZjuzEoFsiiZjSBhJRkXgC84TpG8TiBxoDj7WUWdxvictGIn
d+6quKw+KYEPIMSvNzodb86VVFS7Fr2eGdnlpQ4XcHyvKBpOUNPrBW57Iu36Sp6X
dVxJhjTLngSmTgRcNnZR6lyuJzcXhYC0kF4dN5sfkMhMG7wCc3woqj/USRxysdLZ
vTO4RD96q3OvW5ONJtcBGXE/nzZxiAU6wWSofzxpCPWtp72XB/gdzb0huMQrMZDa
zycXCOUgCRvVXOCd2FmX
=z20m
-----END PGP SIGNATURE-----

[Attachment #6 (text/plain)]

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic