Hello, I'm trying configure ServerRADSEC to sent certificate chain but it wont work :(
<ServerRADSEC> Secret mysecret BindAddress ::,0.0.0.0 UseTLS TLS_CAFile /etc/radiator/trusted-CA.pem TLS_CertificateType PEM TLS_CertificateFile /etc/ssl/certs/eduroom.cesnet.cz.crt TLS_PrivateKeyFile /etc/ssl/private/eduroom.cesnet.cz.key TLS_CertificateChainFile /etc/ssl/certs/TERENA_SSL_CA_2.pem root@eduroom:/var/log/arch/radiator# cat /etc/ssl/certs/TERENA_SSL_CA_2.pem -----BEGIN CERTIFICATE----- MIIF+TCCA+GgAwIBAgIRALD/zzodgkSYFWKdZIhqQWUwDQYJKoZIhvcNAQEMBQAw gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE0 MTAwOTAwMDAwMFoXDTI0MTAwODIzNTk1OVowZDELMAkGA1UEBhMCTkwxFjAUBgNV BAgTDU5vb3JkLUhvbGxhbmQxEjAQBgNVBAcTCUFtc3RlcmRhbTEPMA0GA1UEChMG VEVSRU5BMRgwFgYDVQQDEw9URVJFTkEgU1NMIENBIDIwggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQCwOm1/qbgAnvOFOghkLPlEDCC0sxVNBi2m8JPJSL73 ZK2kjhWzMYEUF/xu4osZdYs2Es8HbXZ4Jl4nvywWukL73R5Qj2SvdZsKOoKpMSVR jn/EQt0fXJORu5T6cFf65/24uGjKm2oZJFQ3/jJhifciwY9j1dFpfklNvNfQ20zW 9g+9wYhCk9aR+Z+WmRHqbnLngCFs8U6O7GO4Pa9lOdCFkip5Og7W6K2bJYmi1C5y a3Oh0uLfzlhw/8BUAXdd+XadL0PaoibdHUKaTTixVv46tMtrbPJqnz+zrjun0BU+ rCd/G/RZYFBWfp11JZ4/xna//5nM2PGpaolf3ucHzY2LAgMBAAGjggF/MIIBezAf BgNVHSMEGDAWgBRTeb9aqitKz1SA4dibwJ3ysgNmyzAdBgNVHQ4EFgQUW9CKHJoy W+C13ZZUG+GGKLD9tr0wDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8C AQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCwGA1UdIAQlMCMwDQYL KwYBBAGyMQECAh0wCAYGZ4EMAQIBMAgGBmeBDAECAjBQBgNVHR8ESTBHMEWgQ6BB hj9odHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQ2VydGlmaWNh dGlvbkF1dGhvcml0eS5jcmwwdgYIKwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNo dHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQWRkVHJ1c3RDQS5j cnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZI hvcNAQEMBQADggIBAH2QaWZWVBxrPK5/JQgT6btkbPVniC+9wVEKrtNj9i3bcDEJ AH4di9rkMyGY4CGT28COJY5VBswqZeMD6FlyJ643mph8wvQTWhJxLW2r3zJpgacG oosgHaiQ0iiqYdT2/6W/hoCOZ5EqIn4dlC0aYbsgIZCJ6NUKEQr2CLpeG8tsKIU+ xRYPZf230bFhwaYl2Ia/Dvqb+tH1IqdnuBUu+Qitt3UCOfQpYfm/wKoX60LeJo+d ZWQyB95sPTLTA+xH1XRpIDp+uHDvqaIqnFVCtuM+i9j/Jlr7fCZsiIWG15M+UPhE h9RQ0R1DMDK60rqNIQjK9+7Gbs6SWQgcU3N0j5z4160avk1G7qzEuYHrp1DMHWb8 Dg1+Bh24DtN+u5qHrgu2m4QEzsGgexbfArIYQ62ruSYJq6oEHVA37iq9IkGKALXc n8MF1OaCTGfaKwL1ZaxZKbt6DE5Ut9I7fQM7IGTGxehQKpKwX6BHl3JYX8EKb5/1 PQnV5whodZLi1biej76NGztDjPNO1VSrdu3MUH8ume20tUn643V9ixFoDdU6+l1Q sCuBA3gstNuPv0xAW5KjohoKQV2sV/puV070B1XrYwgykwAkSl2dwsFSKJPByCQa ppP7zX0/pnO8z2ideWMu5yUrQjg2sQtWwopf965KMdnfagbNL6OYCbwFgBPH -----END CERTIFICATE----- when client connects Radiator print: > Thu Apr 16 11:29:29 2015: DEBUG: Stream connected to > 2001:718:1:6:ea94:f6ff:fe33:651e:60211 > Thu Apr 16 11:29:29 2015: DEBUG: StreamTLS sessionInit for > 2001:718:1:6:ea94:f6ff:fe33:651e > Thu Apr 16 11:29:29 2015: ERR: StreamTLS could not create SSL: > Net::SSLeay::new failed: 17482: 1 - error:140BA0C3:SSL routines:SSL_new:null > ssl ctx > ,Inappropriate ioctl for device > Thu Apr 16 11:29:29 2015: DEBUG: New StreamServer Connection created for > 2001:718:1:6:ea94:f6ff:fe33:651e:60211 > Thu Apr 16 11:29:29 2015: DEBUG: Stream connected to > 2001:718:e:0:ea94:f6ff:fe3f:68d8:32903 > Thu Apr 16 11:29:29 2015: DEBUG: StreamTLS sessionInit for > 2001:718:e:0:ea94:f6ff:fe3f:68d8 > Thu Apr 16 11:29:29 2015: ERR: StreamTLS could not create SSL: > Net::SSLeay::new failed: 17482: 1 - error:140BA0C3:SSL routines:SSL_new:null > ssl ctx > ,Inappropriate ioctl for device > Thu Apr 16 11:29:29 2015: DEBUG: New StreamServer Connection created for > 2001:718:e:0:ea94:f6ff:fe3f:68d8:32903 > Thu Apr 16 11:29:30 2015: DEBUG: Stream connected to 195.113.187.22:46764 > Thu Apr 16 11:29:30 2015: DEBUG: StreamTLS sessionInit for 195.113.187.22 > Thu Apr 16 11:29:30 2015: ERR: StreamTLS could not create SSL: > Net::SSLeay::new failed: 17482: 1 - error:140BA0C3:SSL routines:SSL_new:null > ssl ctx > ,Inappropriate ioctl for device Without TLS_CertificateChainFile everything works fine. Thanks for any help -- ----------------------- Jan Tomasek aka Semik http://www.tomasek.cz/ _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator