[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: Failed in SSLv3 read client certificate A
From: Arran Cudbard-Bell <a.cudbardb () freeradius ! org>
Date: 2016-06-18 23:50:27
Message-ID: 0DB0E56D-7227-4B86-B52A-8DE20A918D55 () freeradius ! org
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
> On 18 Jun 2016, at 14:00, Michael Martinez <mwtzzz@gmail.com> wrote:
>
> On Fri, Jun 17, 2016 at 1:26 PM, Alan DeKok <aland@deployingradius.com> wrote:
>>
>>> On Jun 17, 2016, at 4:23 PM, Michael Martinez <mwtzzz@gmail.com> wrote:
>>>
>>> We really need to get this working. We're stumped on it. Anybody have
>>> any thoughts?
>>
>> Set disable_tlsv1_2 in the EAP module.
>
> Maybe slightly off-topic, but how do I find which ssl library my
> freeradius server is compiled with? I do:
> root@2-rpi:/usr/local/freeradius/etc/raddb# ldd
> /usr/local/freeradius/sbin/radiusd
> /usr/lib/arm-linux-gnueabihf/libcofi_rpi.so (0xb6f7e000)
> libfreeradius-server.so =>
> /usr/local/freeradius/lib/libfreeradius-server.so (0xb6f4e000)
> .....<snip>
>
> But nothing about ssl libraries shows up there.
>
> I do: strings /usr/local/freeradius/sbin/radiusd | grep -iE "openssl.*1"
> and I see a lot of references to openssl 1.0.2.f:
> Diffie-Hellman part of OpenSSL 1.0.2f 28 Jan 2016
>
> so, pretty clear it's compiled against 1.0.2.f. But out of curiosity
> is there a way to definitely find out?
/usr/local/freeradius/sbin/radiusd -v
Is more accurate than using ldd. It calls a version function in OpenSSL
to get the version, it doesn't use compile time macros.
> And, it seems "disable_tlsv1_2" was added as a way to get around some
> problems with older versions of openssl. But will it actually help in
> my case?
Probably not. But just in case the apple supplicant is broken its worth trying.
-Arran
Arran Cudbard-Bell <a.cudbardb@freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
["signature.asc" (signature.asc)]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.28
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJXZd5DAAoJEP+k1YKfttfK5DAQAJYdwoQpdMTvf+a+DJxhhYev
6x461PYZEDyjBpbJZR00pp9zZLOxxV67vaWLXwzKvw4enIJhet/vSrq58oM0K7lU
/C0PF4O9ySU2M1pHoHJpcLECbrSI9FinrVu+8N0WAVwPwHUOzmTThpa9sozTEafP
QCZmtqKrcLqwjeL7anUAuV+lb4ORh4590FMQge4e6QDGdwQzAK1dszozoOzsjZns
q3J6AoQdaG39m9ahjQAyHnLOTCZ0QcpnOEdNWjOeto/4ySRpwWVXC4W3sNtlcSZP
9ryL1fZ6alR7aK+YhgfQsemBh2jBupIydwGT9rScN8HhsVX4b+IijLBShzRvXimN
8Pge1jemwhLlK//OCIqAzfvoRZAdHYMzgPfIX14jLtMgg4K2ledqMivzM8jS6Re/
UbcvMQICyuntLih8LZjuzEoFsiiZjSBhJRkXgC84TpG8TiBxoDj7WUWdxvictGIn
d+6quKw+KYEPIMSvNzodb86VVFS7Fr2eGdnlpQ4XcHyvKBpOUNPrBW57Iu36Sp6X
dVxJhjTLngSmTgRcNnZR6lyuJzcXhYC0kF4dN5sfkMhMG7wCc3woqj/USRxysdLZ
vTO4RD96q3OvW5ONJtcBGXE/nzZxiAU6wWSofzxpCPWtp72XB/gdzb0huMQrMZDa
zycXCOUgCRvVXOCd2FmX
=z20m
-----END PGP SIGNATURE-----
[Attachment #6 (text/plain)]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic