'Re: Compiling with OpenSSL 1.1.1 (Alan DeKok)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Compiling with OpenSSL 1.1.1 (Alan DeKok)
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2018-10-19 14:38:46
Message-ID: BF2A770E-57D1-46F8-B589-8E4E4C772002 () deployingradius ! com
[Download RAW message or body]

On Oct 19, 2018, at 9:59 AM, Doug Wussler <doug.wussler@fsu.edu> wrote:
> 
> Just FYI, I upgraded to 3.0.17 and compiled with OpenSSL 1.1.1.  Debug info still \
> reports UNKNOWN TLS VERSION: 
> FreeRADIUS Version 3.0.17
> Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
> 
> (1) eap_peap: TLS_accept: before SSL initialization
> (1) eap_peap: <<< recv UNKNOWN TLS VERSION ?0304? [length 0092] 
> (1) eap_peap: TLS_accept: SSLv3/TLS read client hello

  Ah yes, that was a typo.  It's been fixed in the v3.0.x branch.

> I should also mention that when using OpenSSL 1.1.1 the executable will not launch \
> without this setting in radiusd.conf: 
> allow_vulnerable_openssl = CVE-2016-6304
> 
> which should not be necessary with 1.1.1.

  That was another typo.  It's already been fixed in the v3.0.x branch.

> Also, if interested, when attempting to compile with config setting \
> "--without-dhcp" the compilation fails with: 
> CC src/main/radattr.c
> build/objs/src/main/radattr.o: In function `process_file':
> /downloads/freeradius-server-3.0.17/src/main/radattr.c:842: undefined reference to \
>                 `fr_dhcp_decode_options'
> /downloads/freeradius-server-3.0.17/src/main/radattr.c:813: undefined reference to \
>                 `fr_dhcp_encode_option'
> collect2: error: ld returned 1 exit status
> make: *** [build/bin/local/radattr] Error 1

  I've pushed  a fix.

> This information is not intended as a complaint.  I love the freeradius application \
> and am very appreciative of all the work that goes into it.  The efforts and \
> responsiveness of both the development team and the community are extremely robust \
> and helpful.

  Simple bug reports are *much* better than "I did stuff and it didn't work.  What's \
wrong?"

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic