--On Tuesday, June 24, 2003 09:58:28 PM +1000 Mike McCauley <[EMAIL PROTECTED]> wrote:
> Hello Jerome, > > > On Tue, 24 Jun 2003 08:32 pm, Jerome Fleury wrote: >> --On mardi 24 juin 2003 09:26 +1000 Mike McCauley <[EMAIL PROTECTED]> wrote: >> > Hello Jeremy, >> > >> > thanks for the full log. >> > >> > Looks like Radiator is not seeing a completed client hello from your >> > client: its still waiting for the client hello to be closed off. >> > This is very puzzling: your client is behaving differently to other >> > clients we have observed. >> > >> > What PEAP client are you using? >> >> Well, this is quite strange as I use both Windows2000 client (hotfix from >> microsoft) and Funk Odyssey client, giving the same bad result. >> >> Maybe the source of the problem could be the AP (Cisco 1200) or the client >> card (Orinoco, one of the first Lucent ones indeed) ? > > OK, I have just retested here with the latest Odyssey 2.0 client and Windows > 2000. I can see that the latest Odyssey client does in fact act differently > on 2000, nevertheless Radiator worked ok here with it with a successful > authentication > > So now I am back to wondering why Radaitor did not respond to the client > hello. Normally it responds with the server certificate. > > I have looked closely again at your log file and I see something else strange: > > Mon Jun 23 14:04:09 2003: DEBUG: EAP TLS SSL_accept result: -1, 2, 8465 > Mon Jun 23 14:04:09 2003: ERR: jeje - want read > Mon Jun 23 14:04:09 2003: ERR: EAP TLS error: -1, 2, 8465, > > it seems not to have recognised that reason 2 is WANT_READ and instead > reported an error. > This indicates that there is a problem with either the openssl install oor the > Net_SSLeay install. > Im sorry I did not see this before. No that's me sorry not to have precised this: I added some debug code in the WANT_READ condition block: elsif ($reason == ERROR_WANT_READ) { $self->log($main::LOG_ERR, "jeje - want read", $p); my $errs = &Net::SSLeay::print_errs(); $self->log($main::LOG_ERR, "EAP TLS error: $ret, $reason, $state, $errs"); $self->eap_failure($p->{rp}, $context); # Looking for more data, just ack this } So that it recognizes WANT_READ well. Sorry for giving you a bad path. > I strongly suggest you : > > 1. Ensure there are no old versions of ssl, openssl or Net_SSLeay installed on > your host. No, old older versions are overrided. > 2. Compile and install openssl 0.9.7 done. > 3. Compile and install Net_SSLeay 1.22 (using the Makefile.PL /usr/local/ssl > arg above) done (1.23) At this point, I think I'll try on an other fresh Unix install. Thanks for your help Mike. -- Jerome Fleury === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.