[defect]: Crash of v3.2.x with TLS-PSK enabled home_server #5343
Comments
This should be resolved by the latest commit on the 3.2 branch.
Thanks; I later realized this was the same crash as I found with RADIUS/TLS certificate-based home_servers (without TLS-PSK). The crash seems to be resolved for both scenarios, but there's still something odd. Before your fixes, I found that b9af38a with the freeradius-server/src/main/listen.c Line 3596 in b9af38a
... and in fact there is a peer where this commit+patch does connect, but your fixes up to fb9693f still don't connect. I don't control the peer so I cannot see what's on the other side. This one does work:
and so on, but this (on fb9693f) doesn't connect:
So, maybe this is caused by one of the other commits between b9af38a and fb9693f?
Hi, it seems to fail already when I cherry-pick f440863 on top of b9af38a, also when adding fb9693f. To be clear; it connects to a lot of other peers. I happen to know this peer is FreeRADIUS, but I don't know what version. And it's annoying, that b9af38a still works but only if I change the
Yep, this in fact makes it connect happily again - but exactly how I got b9af38a already stable.
I think this issue is fixed now. We've spent a lot of time in 2024 cleaning up all of the TLS things :(
What type of defect/bug is this?
Crash or memory corruption (segv, abort, etc...)
How can the issue be reproduced?
Minimal configuration in which the crash happens is:
When I send a request (any auth, regardless of it coming in via RADIUS or RadSec or TLS-PSK) for a @tls.test user it gets authenticated when everything aligns (TLS-PSK works, TLS version, identity and psk). My peer is radsecproxy. If the psk_identity is wrong (just any other string), or the psk_hexphrase, or I enable tls_min_version = "1.2" (which radsecproxy doesn't support if I'm not mistaken) or the radsecproxy peer is configured with tls context, FreeRADIUS crashes. Backtrace provided.
Log output from the FreeRADIUS daemon
Relevant log output from client utilities
No response
Backtrace from LLDB or GDB