Adam Bishop <[log in to unmask]> wrote
Fri, 6 Jun 2014 10:25:54 +0000:
| On 4 Jun 2014, at 16:28, Sam Hartman <[log in to unmask]> wrote:
| > I've never tried to use TLS-PSK with libradsec.
| > We've always used client certs.
| > I can take a look but it will be a few days.
| > Perhaps Linus knows what's going on.
|
| I’ve spent a bit more time on this and the issue is embarrassingly obvious.
|
| libradsec on CentOS has been compiled without TLS-PSK support (--enable-tls-psk).
Sorry for being late to the party. Glad you found out what's happening.
There should be a warning somewhere. I wonder where.
rs_context_read_config() should've returned non-zero and mech_eap
should've failed initiating (gssEapCreateRadiusContext()). I don't know
how mech_eap is communicating with the user.
If you want to test PSK separate from moonshot, you could try
the test program libradsec/examples/client together with the
client-psk.conf file in the same directory.
|