On 11/13/2013 04:02 AM, Klara Mall wrote: > Don't know if these fixes are ok, but they show where the problem > resides.
Yes, that is very impressive work. My understanding is 1.74 (Debian wheezy) does not work and needs the fix but 1.33 (Debian squeeze) works. There's the possibility that the Debian patches have changed something, but my understanding is they actively push their patches to upstream authors, so I think it is a good idea to contact Steffen and let him know about this. > I want to report this to the module maintainers. Please tell if I'm > wrong somewhere. I think the module maintainer should be let known of this problem and can tell if there's a problem. It's quite likely he can quickly tell if and what kind of fix is needed. I guess mixing successive direct SSL/TLS connections with plain text + start TLS within one process is not very often done and this has remained uncovered so far. > As for my radiator configuration I will reconsider it. I think I > will find a way to only use SSL so that I have no mix of SSL and > TLS. Please let us know how it goes and what additional information you get from module maintainers. > BTW: I just verified: with libnet-ldap-perl from Debian squeeze it > works. As it seems the reason is that the part of the > IO::Socket::SSL code with the identity is not used (no DEBUG > output for this). This should narrow down the work to find the change that caused the problem. Thanks, Heikki -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
