Re: eap ttls certificate config

2008-10-02 Thread jehan procaccia
OK, I found why it cored-dump. I though that CA_file and CA_path needed to be set seperatly. so when setting CA_path I was commenting CA_file . Now that both CA_file and CA_path directives are present in eap.conf, it doesn't core-dump anymore. Anyway, I found my real problem. It's from securew2

Re: eap ttls certificate config

2008-09-30 Thread Alan DeKok
Jehan PROCACCIA wrote: > Actually I wasn't suggesting that it is a bug, A core dump is a bug. The files I suggested you read contain instructions that help us fix the bug. > my inital question is how > one can use that CA_path directive > and what the CA_path should contain . > If it's a bug,

Re: eap ttls certificate config

2008-09-30 Thread tnt
>My initial question is: "how to configure eap.conf tls section to load a >multi-level certificate hierarchy (CA bundle)" ? > The same as for a single CA. You have configured that properly. You said that server worked with a single CA but segfaulted when you replaced it with that bundle. I woul

Re: eap ttls certificate config

2008-09-30 Thread Jehan PROCACCIA
Alan DeKok a écrit : Jehan PROCACCIA wrote: See doc/bugs a link would be greatly appreciated . Ummm... this file ships with the server. If you can't find it in the "tar" file, it's usually in /usr/share/doc/something/, depending on your local installation. See also the

Re: eap ttls certificate config

2008-09-30 Thread Alan DeKok
Jehan PROCACCIA wrote: >> See doc/bugs > > a link would be greatly appreciated . Ummm... this file ships with the server. If you can't find it in the "tar" file, it's usually in /usr/share/doc/something/, depending on your local installation. See also the main web site. There's a link on

Re: eap ttls certificate config

2008-09-30 Thread Jehan PROCACCIA
Alan DeKok a écrit : Jehan PROCACCIA wrote: what about that CA_path directive ? why is it generating a segmentation fault when starting radiusd ? See doc/bugs Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html a link would be greatly a

Re: eap ttls certificate config

2008-09-30 Thread Alan DeKok
Jehan PROCACCIA wrote: > what about that CA_path directive ? why is it generating a segmentation > fault when starting radiusd ? See doc/bugs Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: eap ttls certificate config

2008-09-30 Thread Jehan PROCACCIA
[EMAIL PROTECTED] a écrit : pki-chain.pem contain the concatenation of our 3 level pki hierarchy ( cat itClass1.crt > pki-chain.pem ; cat itClass2.crt >> pki-chain.pem ; cat itClass3.crt >> pki-chain.pem ) Did you find somewhere in openssl documentation that you can mix .pem and crt format

Re: eap ttls certificate config

2008-09-30 Thread tnt
>pki-chain.pem contain the concatenation of our 3 level pki hierarchy >( cat itClass1.crt > pki-chain.pem ; cat itClass2.crt >> pki-chain.pem ; >cat itClass3.crt >> pki-chain.pem ) Did you find somewhere in openssl documentation that you can mix .pem and crt formats like that? Ivan Kalik Kalik In

eap ttls certificate config

2008-09-30 Thread Jehan PROCACCIA
hello, I try to configure my freeradius-2.0.3-3.el5 to read our certicate chain with no success :-( . neither CA_file or CA_path directives works as expected in eap.conf . here's my config: /etc/raddb/eap.conf tls { certdir = ${confdir}/certs cadir = ${confdir}/certs/CA private_key_password =