OpenSSL 1.1.0 support
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Fri Apr 1 18:34:51 CEST 2016
There's now support for OpenSSL 1.1.0-pre4 support in v3.1.x.
This was actually a fair amount of work. OpenSSL has switched to private structs, meaning we have to allocate things like HMAC_CTX on the heap now instead of using the stack.
It also means we no longer have direct access to fields within SSL session contexts and have to use OpenSSL accessor functions in many places.
Alan D completed the first part of the work a few months ago, and I finished off the changes yesterday.
Our basic EAP test suite passes, but it would be useful if those who rely heavily on TLS could test this out in their lab environment.
For large deployments of EAP-TLS/EAP-TTLS/EAP-PEAP there may be a noticeable performance improvement, as OpenSSL has (finally) removed their global object/type-specific mutexes.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160401/f5276214/attachment.sig>
More information about the Freeradius-Users
mailing list