FR >= 3.0.3 Failed creating SSL context: error:140A90A1 ... #646

Closed
Schnappatmer opened this Issue May 20, 2014 · 0 comments

Projects

None yet

1 participant

@Schnappatmer

Starting FR 3.0.3 and higher (git) with TLS fails with

"Failed creating SSL context: error:140A90A1:lib(20):func(169):reason(161)"

With FR 3.0.2 it works flawless.

I use libssl 1.0.1g-4 with Debian Linux.

radiusd: #### Loading Realms and Home Servers ####
 proxy server {
        retry_delay = 5
        retry_count = 3
        default_fallback = no
        dead_time = 120
        wake_all_if_all_dead = no
 }
 home_server localhost {
        ipaddr = 127.0.0.1
        port = 1812
        type = "auth"
        secret = <<< secret >>>
        response_window = 20
        max_outstanding = 65536
        zombie_period = 40
        status_check = "status-server"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        revive_interval = 120
        status_check_timeout = 4
  coa {
        irt = 2
        mrt = 16
        mrc = 5
        mrd = 30
  }
  limit {
        max_connections = 16
        max_requests = 0
        lifetime = 0
        idle_timeout = 0
  }
 }
 home_server tls {
        ipaddr = 127.0.0.1
        port = 2083
        type = "auth"
        proto = "tcp"
        secret = <<< secret >>>
        response_window = 30
        max_outstanding = 65536
        zombie_period = 40
        status_check = "none"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        revive_interval = 300
        status_check_timeout = 4
  coa {
        irt = 2
        mrt = 16
        mrc = 5
        mrd = 30
  }
  limit {
        max_connections = 16
        max_requests = 0
        lifetime = 0
        idle_timeout = 0
  }
 }
  tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        ca_path = "/etc/freeradius/certs"
        pem_file_type = yes
        private_key_file = "/etc/freeradius/certs/client.pem"
        certificate_file = "/etc/freeradius/certs/client.pem"
        ca_file = "/etc/freeradius/certs/ca.pem"
        private_key_password = <<< secret >>>
        dh_file = "/etc/freeradius/certs/dh"
        random_file = "/etc/freeradius/certs/random"
        fragment_size = 8192
        include_length = yes
        check_crl = no
        cipher_list = "DEFAULT"
        ecdh_curve = "prime256v1"
  }
Failed creating SSL context: error:140A90A1:lib(20):func(169):reason(161)
@arr2036 arr2036 closed this in 1f36474 May 20, 2014
@arr2036 arr2036 added a commit that referenced this issue May 20, 2014
@arr2036 arr2036 We need to initialise SSL before reading the main config Fixes #646
It was initialised before instantiating the modules, but that's probably not enough for RADSEC
c209496
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment