Dear Didier,
> Our setup is working fine, with a Sectigo DV certificate chain in
> /etc/freeradius/ssl/fullchain.pem & /etc/freeradius/ssl/privkey.pem, with a
> Radsec setup (so private_key_file and certificate_file are set in
> 3.0/sites-available/tls, as well as in 3.0/mods-available/eap), we routinely
> verify this via a distant rad_eap test (doing Radius-over-Radsec-over-Radius).
> Today, I had to update that certificate (which is close to expiring), moving
> from this chain:
> * certificate
> * Sectigo ECC Domain Validation Secure Server CA
> * USERTrust ECC Certification Authority
> to this chain:
> * certificate
> * Sectigo Public Server Authentication CA DV E36
> * Sectigo Public Server Authentication Root E46
> * USERTrust ECC Certification Authority
> … and it now segfaults whenever we try to access the radius-to-radsec proxy.
> In other words, the fullchain.pem which before contained 2 certificates (the
> certificate and 1 intermediary), now contains 3 certificates (the certificate,
> and 2 intermediaries), and with this the server segfaults.
> I have not yet managed to extract a stacktrace or a core dump, I would be all
> ears to get this solved.
This sounds a bit like this problem
https://github.com/FreeRADIUS/freeradius-server/issues/5515
https://github.com/FreeRADIUS/freeradius-server/commit/286415adce9bc9e8cf974810f5be941dc2131056
which is resolved in 3.2.8.
Do you have a chance to check with this patch applied?
Bernhard