OK, I found why it cored-dump.
I though that CA_file and CA_path needed to be set seperatly.
so when setting CA_path I was commenting CA_file .
Now that both CA_file and CA_path directives are present in eap.conf, it
doesn't core-dump anymore.
Anyway, I found my real problem. It's from securew2
Jehan PROCACCIA wrote:
> Actually I wasn't suggesting that it is a bug,
A core dump is a bug. The files I suggested you read contain
instructions that help us fix the bug.
> my inital question is how
> one can use that CA_path directive
> and what the CA_path should contain .
> If it's a bug,
>My initial question is: "how to configure eap.conf tls section to load a
>multi-level certificate hierarchy (CA bundle)" ?
>
The same as for a single CA. You have configured that properly.
You said that server worked with a single CA but segfaulted when you
replaced it with that bundle. I woul
Alan DeKok a écrit :
Jehan PROCACCIA wrote:
See doc/bugs
a link would be greatly appreciated .
Ummm... this file ships with the server. If you can't find it in the
"tar" file, it's usually in /usr/share/doc/something/, depending on your
local installation.
See also the
Jehan PROCACCIA wrote:
>> See doc/bugs
>
> a link would be greatly appreciated .
Ummm... this file ships with the server. If you can't find it in the
"tar" file, it's usually in /usr/share/doc/something/, depending on your
local installation.
See also the main web site. There's a link on
Alan DeKok a écrit :
Jehan PROCACCIA wrote:
what about that CA_path directive ? why is it generating a segmentation
fault when starting radiusd ?
See doc/bugs
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a link would be greatly a
Jehan PROCACCIA wrote:
> what about that CA_path directive ? why is it generating a segmentation
> fault when starting radiusd ?
See doc/bugs
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[EMAIL PROTECTED] a écrit :
pki-chain.pem contain the concatenation of our 3 level pki hierarchy
( cat itClass1.crt > pki-chain.pem ; cat itClass2.crt >> pki-chain.pem ;
cat itClass3.crt >> pki-chain.pem )
Did you find somewhere in openssl documentation that you can mix .pem and
crt format
>pki-chain.pem contain the concatenation of our 3 level pki hierarchy
>( cat itClass1.crt > pki-chain.pem ; cat itClass2.crt >> pki-chain.pem ;
>cat itClass3.crt >> pki-chain.pem )
Did you find somewhere in openssl documentation that you can mix .pem and
crt formats like that?
Ivan Kalik
Kalik In
hello,
I try to configure my freeradius-2.0.3-3.el5 to read our certicate chain
with no success :-( .
neither CA_file or CA_path directives works as expected in eap.conf .
here's my config:
/etc/raddb/eap.conf
tls {
certdir = ${confdir}/certs
cadir = ${confdir}/certs/CA
private_key_password =
10 matches
Mail list logo