FreeRADIUS and OpenSSL Linkage
Peter Nixon
listuser at peternixon.net
Fri Jan 9 16:55:07 CET 2009
Sounds fine to me. Maybe we should also in future invesitgate using axtls in
place of openssl. Not only is it an order of magnitude smaller which is
great for embedded systems, it is also BSD licensed.
Cheers
Peter
On Wed 07 Jan 2009, Alan DeKok wrote:
> It would be useful to be able to link FreeRADIUS with OpenSSL, for
> systems like Debian that have restrictive license policies. Upon
> auditing the source code (and some offline discussion), it looks like it
> may be possible.
>
> The code using OpenSSL is:
>
> src/main/threads.c
> src/modules/rlm_eap/
> src/modules/rlm_otp/
> src/modules/rlm_wimax/
>
> The ownership of the relevant code is largely myself, a bankrupt
> company (rlm_eap), and Tri-D systems (rlm_otp). We've tried contacting
> Tri-D systems (now owned by RedHat), but have had little response.
>
> My suggestion is to do the following:
>
> 1) add a license exception to the main LICENSE file:
>
> In addition, as a special exception, the copyright holders give
> permission to link the code of portions of this program with the
> OpenSSL library, and distribute linked combinations including the
> two. This exception does not apply to the "rlm_otp" module.
> You must obey the GNU General Public License in all respects
> for all of the code used other than OpenSSL. If you modify
> file(s) with this exception, you may extend this exception to your
> version of the file(s), but you are not obligated to do so. If you
> do not wish to do so, delete this exception statement from your
> version.
>
> 2) remove rlm_otp from the "stable" module list. It's not being
> maintained, and I'm not sure anyone is using it.
>
> This will make life easier for package maintainers, as they can just
> configure --without-rlm_otp. The result will be a version of the server
> that can be linked with OpenSSL on Debian-based systems.
>
> Thoughts?
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/devel.html
--
Peter Nixon
http://peternixon.net/
More information about the Freeradius-Devel
mailing list