Juniper SBR V 6.0.1 CRL-Checking problem

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Juniper SBR V 6.0.1 CRL-Checking problem
From: USprotte@xxxxxx
Date: 27 Jun 2007 18:56:29 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

We tried to setup crl-checking on den sbr v 6.0.1 Steel Belted RADIUS. The URL
socket  is located on the RSA Authenticationsever V 6.7. Radius authentication 
via EAP TLS should not work because the SBR got a "CRL Fetch: HTTP socket 
connect failure from one of "http://ca.dc.XXX.com:447/XXX-Issuing-CA-v3.crl";.

We found this error message in the radius log.

A test with wget should be work:

AAA-1:/var/log/radius # wget
http://ca.dc.XXX.com:447/XXX-Issuing-CA-v3.crl
--11:06:31--  http://ca.dc.XXX.com:447/XXX-Issuing-CA-v3.crl
           => `XXX-Issuing-CA-v3.crl.2'
Resolving ca.dc.XXX.com... 10.0.5.33
Connecting to ca.dc.XXX.com|10.0.5.33|:447... connected.
HTTP request sent, awaiting response... 200 OK
Length: 356 [application/x-pkcs7-crl]

100%[===================================================================
=================>] 356           --.--K/s             

11:06:31 (24.25 MB/s) - `XXX-Issuing-CA-v3.crl.2' saved [356/356]

------------------------------------------------------------------------
------------------------------------------------

I think this is a big problem in the radius server.
-- 
kind regards

Udo Sprotte

Prev by Date: Contact request - nVidia
Next by Date: CheckPoint VPN-1 UTM Edge Cross Site Request Forgery vulnerability
Previous by thread: Contact request - nVidia
Next by thread: CheckPoint VPN-1 UTM Edge Cross Site Request Forgery vulnerability
Index(es):
- Date
- Thread