RE: RadSec FR3.0 to Radiator: "Received packet will be too large"

2012-02-23 Thread Brian Julin
RadSec FR3.0 to Radiator: "Received packet will > be too large" > > Oops. Do a "git pull", and I think it should be fixed. That seems to have done the trick. I also tested the codepath that prints an error when fragment_size is too small, and that works fine, t

Re: RadSec FR3.0 to Radiator: "Received packet will be too large"

2012-02-23 Thread Alan DeKok
Brian Julin wrote: > After merging this (and a bunch of other stuff that had built up) and > rebuilding, this happens: Oops. Do a "git pull", and I think it should be fixed. Thanks for the GDB backtrace. That helped. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradi

RE: RadSec FR3.0 to Radiator: "Received packet will be too large"

2012-02-23 Thread Brian Julin
k [al...@deployingradius.com] Sent: Thursday, February 23, 2012 4:12 AM To: FreeRadius users mailing list Subject: Re: RadSec FR3.0 to Radiator: "Received packet will be too large" Brian Julin wrote: > We're piloting RadSec as a federation server uplink. They use Radiator. > Wh

Re: RadSec FR3.0 to Radiator: "Received packet will be too large"

2012-02-23 Thread Alan DeKok
Brian Julin wrote: > We're piloting RadSec as a federation server uplink. They use Radiator. > When we first attempted to connect we'd get > a "Received packet will be too large!" carp from main/tls.c. They checked on > their end and say they have no fragment > size option for RadSec TLS conn

Re: RadSec FR3.0 to Radiator: "Received packet will be too large"

2012-02-23 Thread Alan DeKok
Stefan Winter wrote: > The RADIUS/TLS wrapper around those datagrams is not size-limited at all The TLS protocol sends data in packets with headers. Those packets can be up to 64K in length. The TLS code in FreeRADIUS was originally based on the EAP-TLS code. The EAP-TLS packets run over eth

Re: RadSec FR3.0 to Radiator: "Received packet will be too large"

2012-02-23 Thread Alan DeKok
Alan Buxey wrote: > interestinga RADSEC packet can be much bigger than that too - 2048 gives > some room for a big > certificate - but not if its double-chained with intermediate and its got a > nice security size > instead of being a little 512bit RSA one. typically EAP-TLS can be > fragme

Re: RadSec FR3.0 to Radiator: "Received packet will be too large"

2012-02-22 Thread Stefan Winter
Hi, We're piloting RadSec as a federation server uplink. They use Radiator. When we first attempted to connect we'd get a "Received packet will be too large!" carp from main/tls.c. They checked on their end and say they have no fragment size option for RadSec TLS connections, only for EAP-T

Re: RadSec FR3.0 to Radiator: "Received packet will be too large"

2012-02-22 Thread Alan Buxey
Hi, > We're piloting RadSec as a federation server uplink. They use Radiator. > When we first attempted to connect we'd get > a "Received packet will be too large!" carp from main/tls.c. They checked on > their end and say they have no fragment > size option for RadSec TLS connections, only