I'm still struggling with my server throwing
Error: TLS Alert write:fatal:bad record mac
Error: TLS_accept:error in SSLv3 read certificate verify A
Error: rlm_eap: SSL error error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
Error: TLS_accept:error in SSLv3 read certificate verify A
Error: rlm_eap: SSL error error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
errors.
So I've downgraded to 1.0.4, since that is the latest version that we have in production right now.
This box had 1.1.3 installed (as a Red Hat package). I removed that, and compiled 1.0.4 from source and installed it (since I couldn't get 1.0.4 to build as a package).
Two things I've noticed:
1. The server is printing out this in the radius.log
Wed Oct 18 17:35:53 2006 : Error: TLS_accept:error in SSLv3 read client certificate A
Wed Oct 18 17:35:53 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Wed Oct 18 17:35:53 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Wed Oct 18 17:35:53 2006 : Info: rlm_eap_mschapv2: Issuing Challenge
Wed Oct 18 17:35:53 2006 : Auth: Login OK: [m2murray] (from client localhost port 0)
Wed Oct 18 17:35:53 2006 : Auth: Login OK: [m2murray] (from client BUWiSM-1-1 port 29 cli 00-13-CE-14-B7-05)
Wed Oct 18 17:35:53 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Wed Oct 18 17:35:53 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Wed Oct 18 17:35:53 2006 : Info: rlm_eap_mschapv2: Issuing Challenge
Wed Oct 18 17:35:53 2006 : Auth: Login OK: [m2murray] (from client localhost port 0)
Wed Oct 18 17:35:53 2006 : Auth: Login OK: [m2murray] (from client BUWiSM-1-1 port 29 cli 00-13-CE-14-B7-05)
I thought the errors (SSL error error:00000000:lib(0):func(0):reason(0)) only started printing in version 1.1.3 (it was something to do with sending it to the log instead of stdout).
2. The server died with the "bad record mac" error, which has only happened to me in the 1.1.3 and the 1.1.2 versions.
I've done a search, and the only binary I have on my machine states that it is version 1.0.4.
So my question is: did the increased SSL logging come from FreeRADIUS, or from somewhere else, and could it be related to the "bad record mac"?