On 03/30/2011 05:49 PM, Jim Veneskey wrote: >> Wed Mar 30 10:34:50 2011: DEBUG: EAP result: 1, EAP-FAST Requires >> Net::SSLeay::set_session_secret_cb. Upgrade or patch your OpenSSL >> and/or Net-SSLeay >> Wed Mar 30 10:34:50 2011: DEBUG: AuthBy FILE result: REJECT, EAP-FAST >> Requires Net::SSLeay::set_session_secret_cb. Upgrade or patch your >> OpenSSL and/or Net-SSLeay >> Wed Mar 30 10:34:50 2011: INFO: Access rejected for anonymous: >> EAP-FAST Requires Net::SSLeay::set_session_secret_cb. Upgrade or patch >> your OpenSSL and/or Net-SSLeay >> Wed Mar 30 10:34:50 2011: DEBUG: Packet dump: > > Which implies that the version of openssl I was using - 0.9.8n was not > good enough. > > Just for fun - I upgraded openssl to the latest release: > >> openssl version >> OpenSSL 1.0.0d 8 Feb 2011 > And that also resulted in the messages shown above.
1.0.0d has support for the required functions. Here's what I have on openSUSE 11.3 % rpm -qa|grep -i sslea perl-Crypt-SSLeay-0.57-47.1.i586 perl-Net-SSLeay-1.36-3.1.i586 OpenSSL is 1.0.0 from March 29 2010 With the above I do not get complaints from missing functions. If you compiled openssl "./config shared" before the compile, the compilation creates shared libraries. You can point to those libs with something like export LD_LIBRARY_PATH=/home/hvn/src/openssl-1.0.0d When you start Radiator it should pick up the 1.0.0d ssl library. With something like above you can try to make sure Radiator is indeed using 1.0.0d unless you have purged the old version while installing 1.0.0d. > So - since I already had Net_SSLeay.pm-1.30 installed, my next step > looks to be downgrading OpenSSL to a supported version. Try upgrading Net-SSLeay.pm to 1.36. Version 1.30 is quite old and 1.36 does have the functions that are required. If Net_SSLeay 1.36 and openssl 1.0.0d do not work, I would downgrade to 0.9.8 with patches only then. > My question is - is there a preferred version out of the following four > that I should downgrade to? > >> openssl-0.9.8d-session-ticket-osc.patch >> openssl-0.9.8e-session-ticket-osc.patch >> openssl-0.9.8i-tls-extensions.patch >> openssl-0.9.9-session-ticket.patch I'm not completely sure. I can check, but plese try the above first. Thanks! -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
