freeradius 3.0.13 refusing to start with Heartbleed-unaffected OpenSSL version
Alan DeKok
aland at deployingradius.com
Thu Apr 20 16:05:07 CEST 2017
On Apr 20, 2017, at 9:56 AM, Konstantin Knaab-Hinrichs via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> having trouble getting radiusd to work because of openssl:
>
> CLI debugging:
>
> root@$HOSTNAME:/etc/raddb# openssl version
> OpenSSL *1.0.2k* 26 Jan 2017
> ...
> Debugger not attached
> Refusing to start with libssl version OpenSSL 1.0.1t 3 May 2016 0x1000114f
> (1.0.1t release) (in range 1.0.1 release - 1.0.1t rule)
You have multiple versions of OpenSSL installed on your system. Don't do that.
FreeRADIUS doesn't magically detect OpenSSL 1.0.1t when you actually have 1.0.2k installed. It detects 1.0.1t because 1.0.1t *is* installed, and *is* being used by FreeRADIUS.
> Do I have to recompile FreeRADIUS after a new installation of OpenSSL?
Yes. Because of historic issues with OpenSSL breaking their APIs in minor releases.
OpenSSL is fixing their APIs. We will likely relax this check for OpenSSL 1.1.0 and later.
Alan DeKok.
More information about the Freeradius-Users
mailing list