Hi all,

Radsec in combination with IPv6 keeps troubling me. This weekend I upgraded Radiator from version 4.4 to 4.7 and since then the Radsec connections won't work over IPv6. I had to switch back to IPv4 to get it running again. Both systems, Radsec server and client, run Radiator 4.7 on RHEL. RHEL 5.4 on the client side and RHEL 5.5 on the server side. I only upgraded the client side. The server that acts as Radsec server was already running Radiator 4.7.

Personally I think it is not OS related; I experienced the same problems on Solaris 5.9 and 5.10 before. Below you find the error message and the relevant configuration parts. Any help is appreciated.

Sat Jan 22 16:35:41 2011: DEBUG: verifyFn start, hostname ipv6:'host'
Sat Jan 22 16:35:41 2011: DEBUG: verifyFn hostname after canonicalise
Sat Jan 22 16:35:41 2011: DEBUG: Verifying certificate with Subject '/DC=net/DC=geant/O=SURFnet BV/CN=host' presented by peer ipv6:'host'
Sat Jan 22 16:35:41 2011: DEBUG: Checking subjectAltName type 2, value 'host' against
Sat Jan 22 16:35:41 2011: DEBUG: Checking subjectAltName type 6, value https://registry.edugain.org/resolver?urn=urn:geant:eduroam:component:idp:Europe:SURFnet:'host' against
Sat Jan 22 16:35:41 2011: DEBUG: Checking subjectAltName type 6, value https://registry.edugain.org/resolver?urn=urn:geant:eduroam:component:sp:Europe:SURFnet:'host' against
Sat Jan 22 16:35:41 2011: DEBUG: Checking subjectAltName type 6, value https://registry.edugain.org/resolver?urn=urn:geant:eduroam:component:sp:Europe:SURFnet:SURFnet-office against
Sat Jan 22 16:35:41 2011: ERR: Verification of certificate presented by ipv6:'host' failed
Sat Jan 22 16:35:41 2011: DEBUG: StreamTLS SSL_connect result: -1, 1, 4401
Sat Jan 22 16:35:41 2011: ERR: StreamTLS client error: -1, 1, 4401, 9303: 1 - error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sat Jan 22 16:35:41 2011: DEBUG: Stream disconnected from ipv6:'host':2083

#RADSEC client side:
<Handler Realm=/^'realm'$/i>
    # RewriteUsername s/^([^@]+).*/$1/
    <AuthBy RADSEC>
        Host ipv6:'hostname'
        Port 2083
        Secret <cut>
        UseTLS
        TLS_CertificateType PEM
        TLS_CAPath %D/certs/cacert
        TLS_CertificateFile %D/certs/%h.pem
        TLS_PrivateKeyFile %D/certs/%h.pem
    </AuthBy>
</Handler>

#RADSEC serverside:
<ServerRADSEC>
    Port 2083
    UseTLS
    TLS_CAFile %D/cert/edugain/cacert/xxxxxx.pem
    TLS_CertificateFile %D/cert/edugain/yyyyyy.pem
    TLS_CertificateType PEM
    TLS_PrivateKeyFile %D/cert/edugain/yyyyyy.pem
    TLS_RequireClientCert
    TLS_SessionResumption 0
    Secret <cut>
    Identifier RADSEC
</ServerRADSEC>

Kind regards,
Patrick Renkens
Centre for Information Services (UCI)
Radboud University Nijmegen, Netherlands
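
A triage helper for the debug output above, as an added example that is not part of the original post and is not Radiator code: it groups the verifyFn lines per connection attempt and flags a run in which the name printed after "canonicalise" or "against" is empty, as it is in the pasted log. The line patterns are assumed from the log as it appears in this post, and the sample input is an abridged copy of those lines.

```python
import re

# GeneralName tag numbers from X.509; the log prints them as "type N".
SAN_TYPES = {1: "rfc822Name", 2: "dNSName", 6: "URI", 7: "iPAddress"}

# Patterns assumed from the log lines pasted in the post.
LINE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]+ \d{4}: (?P<level>[A-Z]+): (?P<msg>.*)$")
START = re.compile(r"^verifyFn start, hostname (.*)$")
CANON = re.compile(r"^verifyFn hostname after canonicalise\s*(.*)$")
SAN = re.compile(r"^Checking subjectAltName type (\d+), value (.*?) against\s*(.*)$")
FAILED = re.compile(r"^Verification of certificate presented by .* failed$")

# Constructed sample: lines copied from the post (abridged, hostnames as anonymised there).
SAMPLE_LOG = """\
Sat Jan 22 16:35:41 2011: DEBUG: verifyFn start, hostname ipv6:'host'
Sat Jan 22 16:35:41 2011: DEBUG: verifyFn hostname after canonicalise
Sat Jan 22 16:35:41 2011: DEBUG: Checking subjectAltName type 2, value 'host' against
Sat Jan 22 16:35:41 2011: ERR: Verification of certificate presented by ipv6:'host' failed
"""

def triage(log_text):
    """Return one dict per verifyFn run, with the names the check compared."""
    runs, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue
        msg = m.group("msg")
        if (s := START.match(msg)):
            cur = {"peer": s.group(1), "canonical": None,
                   "san_checks": [], "failed": False}
            runs.append(cur)
        elif cur is None:
            continue  # verification line without a preceding "verifyFn start"
        elif (c := CANON.match(msg)):
            cur["canonical"] = c.group(1)
        elif (a := SAN.match(msg)):
            kind = SAN_TYPES.get(int(a.group(1)), a.group(1))
            cur["san_checks"].append((kind, a.group(2), a.group(3)))
        elif FAILED.match(msg):
            cur["failed"] = True
    for r in runs:
        # An empty reference name means no subjectAltName value can ever match it.
        r["empty_reference"] = r["canonical"] == "" or any(
            ref == "" for _, _, ref in r["san_checks"])
    return runs

if __name__ == "__main__":
    for run in triage(SAMPLE_LOG):
        print(run)
```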