Hello Simon,

On Mon, 24 Nov 2003 11:24 am, Simon Gao wrote:
> Hi,
>
> I run into a very strange problem while trying to get
> EAP-TLS working with either Redhat 7.3, 9, or Mandrake
> 8.0, 9.2. Radiator is unable to read key file correctly,
> no matter the key is the sample one comes with Radiator
> 3.7.1 or self signed ones. Either OpenSSL 0.9.7c or 0.9.7b
> with the latest required modules are installed.
>
> Any help is greatly appreciated. Here is the log:

I have just tested here with RH 9, openssl-0.9.7c and Net_SSLeay 1.23, and it
reads the certificate file fine. I have not seen this error with any versions
of openssl on any platform, except when the file really does not exist:

> Sun Nov 23 18:22:10 2003: ERR: TLS could not
> use_certificate_file
> /usr/local/radiator/etc/cert/cert-serv.pem, 1: 4655: 1 -
> error:0906D06C:PEM routines:PEM_read_bio:no start line
> 4655: 2 - error:02001002:system library:fopen:No such
> file or directory

Are you sure that /usr/local/radiator/etc/cert/cert-serv.pem exists and is
readable by whoever is running Radiator?

Cheers.

>
> ===============================================================
> Sun Nov 23 18:22:10 2003: DEBUG: Handling request with
> Handler 'Client-Identifier=/Test_Radius/'
> Sun Nov 23 18:22:10 2003: DEBUG: Handling request with
> Handler 'Client-Identifier=/Test_Radius/'
> Sun Nov 23 18:22:10 2003: DEBUG: Deleting session for
> testUser, 192.168.3.2,
> Sun Nov 23 18:22:10 2003: DEBUG: Handling with
> Radius::AuthFILE:
> Sun Nov 23 18:22:10 2003: DEBUG: Handling with EAP: code
> 2, 168, 13
> Sun Nov 23 18:22:10 2003: DEBUG: Response type 1
> Sun Nov 23 18:22:10 2003: ERR: TLS could not
> use_certificate_file
> /usr/local/radiator/etc/cert/cert-serv.pem, 1: 4655: 1 -
> error:0906D06C:PEM routines:PEM_read_bio:no start line
> 4655: 2 - error:02001002:system library:fopen:No such
> file or directory
> 4655: 3 - error:20074002:BIO routines:FILE_CTRL:system
> lib
> 4655: 4 - error:140AD002:SSL
> routines:SSL_CTX_use_certificate_file:system lib
>
> Sun Nov 23 18:22:10 2003: DEBUG: EAP result: 1, EAP TLS
> Could not initialise context
> Sun Nov 23 18:22:10 2003: INFO: Access rejected for
> testUser: EAP TLS Could not initialise context
> Sun Nov 23 18:22:10 2003: INFO: Access rejected for
> testUser: EAP TLS Could not initialise context
> Sun Nov 23 18:22:10 2003: DEBUG: Packet dump:
> *** Sending to 192.168.3.2 port 6001 ....
> Code: Access-Reject
> Identifier: 162
> Authentic:
> <235>2<0><0><13><5><0><0><189><15><0><0><192><29><0><0>
> Attributes:
> Reply-Message = "EAP TLS Could not initialise
> context"
> ============================================================
>
> Simon Gao
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd
Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia
http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
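
The check suggested in the reply above (does the certificate file exist, and can the account running Radiator read it), written out as an added shell example that is not part of the original thread or of Radiator. The function name `check_pem_file` and its return codes are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original thread. Function name and return
# codes are this example's own convention.
#   0  regular file, readable, contains a PEM certificate start line
#   1  path does not exist      (cf. "fopen:No such file or directory")
#   2  exists but is not a regular file (directory, device, ...)
#   3  exists but the current user cannot read it
#   4  readable but has no "-----BEGIN ... CERTIFICATE-----" line
#                               (cf. "PEM_read_bio:no start line")
check_pem_file() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "MISSING:    $f" >&2; return 1
    fi
    if [ ! -f "$f" ]; then
        echo "NOT A FILE: $f" >&2; return 2
    fi
    if [ ! -r "$f" ]; then
        echo "UNREADABLE: $f (checked as $(id -un))" >&2; return 3
    fi
    if ! grep -q -e '^-----BEGIN .*CERTIFICATE-----' -- "$f"; then
        echo "NOT PEM:    $f has no certificate start line" >&2; return 4
    fi
    echo "OK:         $f"
    return 0
}

# Check every path given on the command line, e.g. the certificate path
# from the Radiator configuration.
for p in "$@"; do
    check_pem_file "$p" || echo "  -> check failed with code $?" >&2
done
```

Run it as the account that runs Radiator: the read test reflects the invoking user's permissions, and root can read almost any file, so a check run as root can pass while the server's own account is denied.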
