Works:
10218 open("/etc/raddb/certs/cert-srv.pem", O_RDONLY) = 6
10218 fstat64(6, {st_mode=S_IFREG|0644, st_size=2439, ...}) = 0
10218 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f22000
10218 read(6, "Bag Attributes\n localKeyID: 0"..., 4096) = 2439
10218 read(6, "", 4096) = 0
10218 close(6) = 0
10218 munmap(0xb7f22000, 4096) = 0
10218 open("/etc/raddb/certs/demoCA/cacert.pem", O_RDONLY) = 6
Doesn't:
10218 open("/etc/raddb/certs/cert-srv.pem", O_RDONLY) = 6
10218 fstat64(6, {st_mode=S_IFREG|0644, st_size=2439, ...}) = 0
10218 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f22000
10218 read(6, "Bag Attributes\n localKeyID: 0"..., 4096) = 2439
10218 close(6) = 0
10218 munmap(0xb7f22000, 4096) = 0
10218 write(2, "10218:error:0906D06C:PEM routine"..., 100) = 100
10218 write(2, "10218:error:14085005:SSL routine"..., 70) = 70
André Lemos wrote:
> copied over vanila configurations from another freeradius 1.1.0
> configuration, and now it seems to work fine.
>
> odd...
>
> Alan DeKok wrote:
>
>> =?ISO-8859-1?Q?Andr=E9_Lemos?= <[EMAIL PROTECTED]> wrote:
>>
>>
>>> doesn't anyone also have this problem?
>>>
>>>
>> It works in my tests.
>>
>> Hmm... the code prints the SSL errors to stderr. They're lost when
>> running in daemon mode. Yuck.
>>
>> I *suspect* that the files aren't readable by the server after a
>> HUP. Try making them owned by the UID the server is running as, and
>> making them readable by that uid.
>>
>> Alan DeKok.
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>>
>>
>>
>
>
> ------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
**_____________________**
* *André Ventura Lemos**
**Software Engineer**
**Critical Software, SA**
**Webpage:** **www.andrelemos.com**
**MSN:** [EMAIL PROTECTED]
**GSM:** **+351916401042**
**TLF:** **+351239989100**
DISCLAIMER: This message may contain confidential information or privileged
material and is intended only for the individual(s) named. If you are not a
named addressee and mistakenly received this message you should not copy or
otherwise disseminate it: please delete this e-mail from your system and notify
the sender immediately. E-mail transmissions are not guaranteed to be secure or
error-free as information could be intercepted, corrupted, lost, destroyed,
arrive late or incomplete or contain viruses. Therefore, the sender does not
accept liability for any errors or omissions in the contents of this message
that arise as a result of e-mail transmissions. Please request a hard copy
version if verification is required. Critical Software.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
