Bug #7491: freeradius2 (1.7.8) incorrect ca+crl pem file output format - pfSense - pfSense bugtracker

Actions

Copy link

Bug #7491

closed

freeradius2 (1.7.8) incorrect ca+crl pem file output format

Added by Luca Moncelli over 7 years ago. Updated over 7 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Package System

Target version:

Start date:

04/23/2017

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.4

Affected Architecture:

amd64

Description

release 2.4.0.b.20170422.1955

configuring eap-tls ca and crl produce pem file output ( /usr/local/etc/raddb/certs/ca_cert.pem ) like this:

-----BEGIN CERTIFICATE----- here my ca certificate....... -----END CERTIFICATE----------BEGIN X509 CRL----- here my crl certificate...... -----END X509 CRL-----

instead of this that should be:
-----BEGIN CERTIFICATE----- here my ca certificate....... -----END CERTIFICATE----- -----BEGIN X509 CRL----- here my crl certificate...... -----END X509 CRL-----

missing "cr" (carriage return) at the bottom of ca cert

this results in radius service stopping with error:

/usr/local/etc/raddb/sites-enabled/default[263]: Errors parsing authenticate section

and you can't re-start it....
you need to manual edit the ca_cert.pem file, insert the missing "cr" and... radius service can start regularly