Backporting TLS fixes to Fedora and RHEL

[Antonio Torres]

On Fri, Oct 15, 2021 at 5:33 PM Matthew Newton <mcn at freeradius.org> wrote:
>
> On 15/10/2021 16:16, Antonio Torres wrote:
> > Tried updating to 3.0.23 and the issue seems to be fixed. However due
> > to the updates policy we can't do a full upgrade, so we have to
> > backport fixes to 3.0.21. I am having issues finding the commit(s)
> > that fix this issue, so any help would be appreciated.
>
> Nice try. RedHat are *paid* to look after their distribution, and you're
> asking us to investigate an an issue for free, in an obsolete version.
>
> Not sure that's going to go down too well.

I am sorry my message gave that impression. I'm not asking for anyone
to do my job, I'm just asking for some pointers to identify this fix,
since the release notes don't mention commit hashes or PR numbers.
Rest assured that we have dedicated a considerable amount of time to
test and investigate before asking for help.

>
> If 3.0.23 works, then great, upgrade to that instead. Or even 3.0.25,
> rather than yet another obsolete version.
>
> > I'm not sure this is related, but we are hitting an error with the
> > same error message as this one but using MSCHAPv2. Here's the report:
> > https://bugzilla.redhat.com/show_bug.cgi?id=2014525
> > This is still valid in the latest FreeRADIUS release (3.0.25).
>
> Try it with a non-bleeding edge version of OpenSSL? I don't know if
> anyone's even looked at that yet.
> --
> Matthew
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html