John Horne wrote: > Well I like the explanation, but unfortunately it doesn't work. Radiusd > still dies at the first HUP.
Dang. > However, one thing I have noticed is that if I start Freeradius up > from /etc/init.d (this is a CentOS server so I used 'service radiusd > start'), then I can HUP the daemon once and it stays running. HUP it a > second time and it fails (this is with one certificate in the file). If > I start Freeradius as '/usr/sbin/radiusd -X', and HUP it, then it fails > straight away. In both cases the failure messages are the same as those > originally reported. Weird. Maybe adding a call to ERR_clear_error() in rlm_eap_tls.c, function init_tls_ctx(), after the call to SSL_CTX_new() ? Maybe there's a previous pending error that isn't being cleared. The "read certificate file" routine may see the old error, and think it's a new one? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
