Version: 3.2.8+dfsg-1 Control: tags -1 +patch +upstream Control: forwarded -1 https://github.com/FreeRADIUS/freeradius-server/issues/5515
Hello there Bernhard, Fantastic! I spent the afternoon trying to reproduce a minimal case in Docker (and had succeeded just when I saw your email). It turns out… I have built this patch in a trixie chroot and deployed it to our production server, and the segfault is gone! So I'm marking this as fixed in the version in testing/unstable. Should we get to prepare a stable update? It'd be really nice to get this fixed for everyone using stable, happy to help! Best, OdyX On Tue, 18 Nov 2025 17:12:57 +0100 Bernhard Schmidt <[email protected]> wrote: > > Our setup is working fine, with a Sectigo DV certificate chain in > > /etc/freeradius/ssl/fullchain.pem & /etc/freeradius/ssl/privkey.pem, with a > > Radsec setup (so private_key_file and certificate_file are set in > > 3.0/sites-available/tls, as well as in 3.0/mods-available/eap), we routinely > > verify this via a distant rad_eap test (doing > > Radius-over-Radsec-over-Radius). > > > > Today, I had to update that certificate (which is close to expiring), moving > > from this chain: > > > > * certificate > > * Sectigo ECC Domain Validation Secure Server CA > > * USERTrust ECC Certification Authority > > > > to this chain: > > > > * certificate > > * Sectigo Public Server Authentication CA DV E36 > > * Sectigo Public Server Authentication Root E46 > > * USERTrust ECC Certification Authority > > > > … and it now segfaults whenever we try to access the radius-to-radsec proxy. > > > > In other words, the fullchain.pem which before contained 2 certificates (the > > certificate and 1 intermediary), now contains 3 certificates (the > > certificate, > > and 2 intermediaries), and with this the server segfaults. > > > > I have not yet managed to extract a stacktrace or a core dump, I would be > > all > > ears to get this solved. > > This sounds a bit like this problem > > https://github.com/FreeRADIUS/freeradius-server/issues/5515 > https://github.com/FreeRADIUS/freeradius-server/commit/286415adce9bc9e8cf974810f5be941dc2131056 > > which is resolved in 3.2.8. > > Do you have a chance to check with this patch applied?
freeradius_1120927.debdiff
Description: Binary data
