| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 27 Jun 2007 18:56:29 -0000 From: USprotte@....de To: bugtraq@...urityfocus.com Subject: Juniper SBR V 6.0.1 CRL-Checking problem We tried to setup crl-checking on den sbr v 6.0.1 Steel Belted RADIUS. The URL socket is located on the RSA Authenticationsever V 6.7. Radius authentication via EAP TLS should not work because the SBR got a "CRL Fetch: HTTP socket connect failure from one of "http://ca.dc.XXX.com:447/XXX-Issuing-CA-v3.crl". We found this error message in the radius log. A test with wget should be work: AAA-1:/var/log/radius # wget http://ca.dc.XXX.com:447/XXX-Issuing-CA-v3.crl --11:06:31-- http://ca.dc.XXX.com:447/XXX-Issuing-CA-v3.crl => `XXX-Issuing-CA-v3.crl.2' Resolving ca.dc.XXX.com... 10.0.5.33 Connecting to ca.dc.XXX.com|10.0.5.33|:447... connected. HTTP request sent, awaiting response... 200 OK Length: 356 [application/x-pkcs7-crl] 100%[=================================================================== =================>] 356 --.--K/s 11:06:31 (24.25 MB/s) - `XXX-Issuing-CA-v3.crl.2' saved [356/356] ------------------------------------------------------------------------ ------------------------------------------------ I think this is a big problem in the radius server. -- kind regards Udo Sprotte
Powered by blists - more mailing lists