[PATCH 1/1] Just warn if linked libssl is more recent

Fajar A. Nugraha list at fajar.net
Tue Jun 17 11:20:20 CEST 2014


On Tue, Jun 17, 2014 at 4:10 PM, Arran Cudbard-Bell <
a.cudbardb at freeradius.org> wrote:

>
> On 17 Jun 2014, at 08:43, Christian Hesse <list at eworm.de> wrote:
> > Still the question is whether freeradius should break on ABI
> incompatibility
> > change (which should still give a warning with my patch) or break on
> *every*
> > openssl update, regardless of whether or not ABI changed.
> >
> > Searching for "freeradius libssl version mismatch" gives a lot of
> matches, so
> > looks like this is a real issue.
>
> Some of those aren't for FreeRADIUS.
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732940
>
> OpenSSH has also adopted this approach, with a very similar message to us.
> Obviously they got annoyed too.
>
> I've changed the behaviour to match theirs.
>
>
... and apparently Debian's "solution" to the problem (from the same page)
is

   * Restore patch to disable OpenSSL version check (closes: #732940).

So FR's position is to leave it to official distro packagers to disable it
as well, just like allow_vulnerable_openssl?

-- 
Fajar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20140617/b18fbbcb/attachment.html>


More information about the Freeradius-Devel mailing list