On Mon, 10 Nov 2003, Alan DeKok wrote:

> Kostas Kalevras <[EMAIL PROTECTED]> wrote:
> > For the core dump now:
> ...
> > (gdb) print s->s2
> > $2 = (struct ssl2_state_st *) 0x8117400
> > (gdb) print s->s3
> > $3 = (struct ssl3_state_st *) 0x0
> >
> > In other words the s->s3 structure is NULL.
>
> See RFC 2716, top of page 3. TLS version 1 is required. See
> ssl/ssl.h, SSLv3 is pretty much TLS version 1.
>
> So the TLS session SHOULD have been rejected, as soon as the client
> tried to use SSLv2. This may be a failure in the EAP-TLS code.
>
> Hmm... See: src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c,
> line 185:
>
>     /*
>      * Set ctx_options
>      */
>     ctx_options |= SSL_OP_NO_SSLv2;
>     ctx_options |= SSL_OP_NO_SSLv3;
>
>
> So SSLv2 and SSLv3 should NOT be used. Ever.

OK, now I am getting really puzzled. I did this little change:

eap_tls.c, line 680

    DEBUG2(" rlm_eap_tls: processing TLS");
    if (tls_session->ssl)
        DEBUG("rlm_eap_tls: Version: %s",SSL_get_version(tls_session->ssl));

and I get:

    Mon Nov 10 18:33:14 2003 : Debug: rlm_eap_tls: processing TLS
    Mon Nov 10 18:33:14 2003 : Debug: rlm_eap_tls: Version: TLSv1

Man page for SSL_get_version:
"returns the name of the protocol used for the connection ssl."

Unfortunately I don't have a sniffer capable of returning the TLS session
details from within the EAP message conversation. So.... /me puzzled

>
> > In any case that one is causing the core dumps. If there are no
> > objections I can add a few checks in eaptls_gen_mppe_keys() and
> > eapttls_gen_challenge() for s->s3 being NULL
>
> I'd say add a few checks to the TLS module, eaptls_process(), so
> that at it returns FAILED if s->s3 == NULL. That will prevent the
> core dump, but it will also prevent your client from working.

It's rather strange since I am also using the AEGIS client. How can I be so
damn lucky and hit on all errors? :-)

>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
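
Added example, not part of the original thread and not FreeRADIUS code: a small C helper for the open question above, namely which record format and version bytes the client put inside the EAP-TLS payload when no sniffer can decode it. It assumes the RFC 2716 packet layout (EAP type 13, flag bit 0x80 announcing a 4-byte TLS Message Length) and looks only at the first bytes of the TLS data; the function name and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EAP_TYPE_TLS   13
#define EAP_TLS_FLAG_L 0x80  /* TLS Message Length field present */

enum hello_kind { HK_ERROR = -1, HK_NONE = 0, HK_SSL2_RECORD, HK_SSL3_TLS_RECORD };

/* Hypothetical helper (not a FreeRADIUS API): classify the TLS data in one
 * EAP-TLS packet. SSLv2-format hello: major/minor = version offered in the
 * hello. SSLv3/TLS handshake record: major/minor = record-layer version. */
enum hello_kind eaptls_peek_version(const uint8_t *p, size_t len,
                                    uint8_t *major, uint8_t *minor)
{
    size_t off = 6;                       /* code, id, length(2), type, flags */
    if (len < off || p[4] != EAP_TYPE_TLS) return HK_ERROR;
    size_t eap_len = ((size_t)p[2] << 8) | p[3];
    if (eap_len < off || eap_len > len) return HK_ERROR;
    if (p[5] & EAP_TLS_FLAG_L) off += 4;  /* skip TLS Message Length */
    if (off > eap_len) return HK_ERROR;
    if (off == eap_len) return HK_NONE;   /* ACK or Start: no TLS data */

    const uint8_t *t = p + off;
    size_t n = eap_len - off;
    if (n < 5) return HK_ERROR;
    if (t[0] == 22) {                     /* SSLv3/TLS handshake record */
        *major = t[1]; *minor = t[2];
        return HK_SSL3_TLS_RECORD;
    }
    if ((t[0] & 0x80) && t[2] == 1) {     /* SSLv2 2-byte header, CLIENT-HELLO */
        *major = t[3]; *minor = t[4];
        return HK_SSL2_RECORD;
    }
    return HK_ERROR;
}

/* Constructed sample packets: headers only, hello bodies truncated. */
static const uint8_t sample_tls1[] = { 0x02,0x01,0x00,0x0f, 13, 0x80, 0,0,0,5,
                                       22, 0x03,0x01, 0x00,0x00 };
static const uint8_t sample_ssl2[] = { 0x02,0x01,0x00,0x0b, 13, 0x00,
                                       0x80,0x03, 0x01, 0x03,0x01 };
int main(void)
{
    uint8_t maj = 0, min = 0;
    int k = eaptls_peek_version(sample_ssl2, sizeof sample_ssl2, &maj, &min);
    printf("kind=%d version=%u.%u\n", k, maj, min);
    return 0;
}
```

Both constructed samples carry version bytes 3.1, which is why the record format is reported separately from the version.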