Re: Cannot get EAP-TLS to work with FreeRADIUS 0.7

Thu, 31 Oct 2002 14:59:53 -0800

Ok, I read the original post more closely and maybe he was having both problems: wrong OpenSSL at first and then linker problems after that. I know that I wasn't having the linker issues.

The necessary OpenSSL functions were not added until 0.9.7 as found in the SSL_CTX_set_msg_callback.pod. Does anybody know if there is any reason why a 0.9.7-beta, stable snapshot, or snapshot would be prefered over the others?

Thanks,

Aron

Aron Silverton wrote:

Alan DeKok wrote:


Jason Haar <[EMAIL PROTECTED]> wrote:
I've compiled up 0.7 successfully under Redhat 7.2 with openssl-0.9.6b, but
when I try to use xsuplicant on a WLAN Linux client, radiusd crashes:


Uh, no. Your shared libraries are set up wrong. The server asks to
do run-time linking, and *your* run-time linker fails to find that symbol.


radiusd: relocation error: /usr/lib/rlm_eap_tls-0.7.so: undefined symbol:
SSL_set_msg_callback_arg

I then tried compiling 0.7 under openssl-0.9.7 and under
openssl-engine-0.9.6g (using LD_PRELOAD/etc) with the same error.


  <shrug>  Figure out how to get shared libraries working on your
system.  It's not the fault of the server that your dynamic linker
can't resolve a symbol.

Alan, I'm not sure that this is the problem. I tried to build a Linux machine today using OpenSSL 0.9.6b as indicated in the EAP documentation bundled with FreeRADIUS. (My existing builds are on FreeBSD using a later snapshot of OpenSSL.) After getting complaints from rlm_eap_tls-0.7.1.so about SSL_set_msg_callback, I dug around in the code to find that these functions being called from tls.c were not added to OpenSSL until after 0.9.6b.

  See the FAQ and the comments around 'libdir' in radiusd.conf.  The
ONLY way to fix the problem is to fix your linker.  There's NOTHING
you can do to the server which will fix the problem.

Unless there is nothing wrong with the linker as with my setup where "ldd rlm_eap_tls-0.7.1.so" and "ldd radiusd" show exactly what one would expect to see.

I apologize if somebody has pointed this out already in the months that have passed since the original posts. Perhaps we can get the EAP document updated to indicate an appropriate version?

This page, http://www.missl.cs.umd.edu/wireless/eaptls/#OPENSSL, which we are all familiar with, recommends 0.9.7, but I don't know if that is definitive. I'm hoping to look at later 0.9.6 releases to see if they include the calls later on today.



Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Aron J. Silverton
Senior Staff Research Engineer
Motorola Laboratories, Networks and Infrastructure Research
Motorola, Inc.

Telephone: 847-576-8747
Fax: 847-576-3240
mailto: [EMAIL PROTECTED]


- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to