On Tue, Jun 17, 2014 at 4:10 PM, Arran Cudbard-Bell < a.cudbardb@freeradius.org> wrote:
On 17 Jun 2014, at 08:43, Christian Hesse <list@eworm.de> wrote:
Still the question is whether freeradius should break on ABI incompatibility change (which should still give a warning with my patch) or break on *every* openssl update, regardless of whether or not ABI changed.
Searching for "freeradius libssl version mismatch" gives a lot of matches, so looks like this is a real issue.
Some of those aren't for FreeRADIUS.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732940
OpenSSH has also adopted this approach, with a very similar message to us. Obviously they got annoyed too.
I've changed the behaviour to match theirs.
... and apparently Debian's "solution" to the problem (from the same page) is * Restore patch to disable OpenSSL version check (closes: #732940). So FR's position is to leave it to official distro packagers to disable it as well, just like allow_vulnerable_openssl? -- Fajar