I'm still struggling with my server throwing
Error: TLS Alert write:fatal:bad record mac
Error:     TLS_accept:error in SSLv3 read certificate verify A
Error: rlm_eap: SSL error error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
Error: rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
 
errors.
 
So I've downgraded to 1.0.4, since that is the latest version that we have in production right now.
 
This box had 1.1.3 installed (as a Red Hat package).
 
I removed that, and compiled 1.0.4 from source and installed it (since I couldn't get 1.0.4 to build as a package).
 
Two things I've noticed:
 
1.  The server is printing this out in the radius.log:
Wed Oct 18 17:35:53 2006 : Error:     TLS_accept:error in SSLv3 read client certificate A
Wed Oct 18 17:35:53 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Wed Oct 18 17:35:53 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Wed Oct 18 17:35:53 2006 : Info: rlm_eap_mschapv2: Issuing Challenge
Wed Oct 18 17:35:53 2006 : Auth: Login OK: [m2murray] (from client localhost port 0)
Wed Oct 18 17:35:53 2006 : Auth: Login OK: [m2murray] (from client BUWiSM-1-1 port 29 cli 00-13-CE-14-B7-05)
 
I thought the errors (SSL error error:00000000:lib(0):func(0):reason(0)) only started printing in version 1.1.3. (It was something to do with sending it to the log instead of stdout.)
 
2.  The server died with the "bad record mac" error, which has only happened to me in the 1.1.3 and the 1.1.2 versions. 
 
I've done a search, and the only binary I have on my machine states that it is version 1.0.4.
 
So my question is:
 
Did the increased SSL logging come from FreeRADIUS, or from somewhere else, and could it be related to the "bad record mac"?
 
