Project

General

Profile

Bug #7491

freeradius2 (1.7.8) incorrect ca+crl pem file output format

Added by Luca Moncelli over 2 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Package System
Target version:
-
Start date:
04/23/2017
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.4
Affected Architecture:
amd64

Description

release 2.4.0.b.20170422.1955

configuring eap-tls ca and crl produce pem file output ( /usr/local/etc/raddb/certs/ca_cert.pem ) like this:

-----BEGIN CERTIFICATE-----
here my ca certificate.......
-----END CERTIFICATE----------BEGIN X509 CRL-----
here my crl certificate......
-----END X509 CRL-----

instead of this that should be:
-----BEGIN CERTIFICATE-----
here my ca certificate.......
-----END CERTIFICATE-----
-----BEGIN X509 CRL-----
here my crl certificate......
-----END X509 CRL-----

missing "cr" (carriage return) at the bottom of ca cert

this results in radius service stopping with error:

/usr/local/etc/raddb/sites-enabled/default[263]: Errors parsing authenticate section

and you can't re-start it....
you need to manual edit the ca_cert.pem file, insert the missing "cr" and... radius service can start regularly

History

#2 Updated by Luca Moncelli over 2 years ago

Kill Bill wrote:

https://github.com/pfsense/FreeBSD-ports/pull/344

OK! It works! :-)

#3 Updated by Luca Moncelli over 2 years ago

Kill Bill wrote:

https://github.com/pfsense/FreeBSD-ports/pull/344

OK! 1.7.8_1 now works, problem solved.

#4 Updated by Kill Bill over 2 years ago

Thanks for testing.

#5 Updated by Jim Pingle over 2 years ago

  • Status changed from New to Resolved

Also available in: Atom PDF