On Tue, Jun 17, 2014 at 4:10 PM, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:

On 17 Jun 2014, at 08:43, Christian Hesse <list@eworm.de> wrote:
> Still the question is whether freeradius should break on ABI incompatibility
> change (which should still give a warning with my patch) or break on *every*
> openssl update, regardless of whether or not ABI changed.
>
> Searching for "freeradius libssl version mismatch" gives a lot of matches, so
> looks like this is a real issue.

Some of those aren't for FreeRADIUS.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732940

OpenSSH has also adopted this approach, with a very similar message to us.
Obviously they got annoyed too.

I've changed the behaviour to match theirs.


... and apparently Debian's "solution" to the problem (from the same page) is

   * Restore patch to disable OpenSSL version check (closes: #732940).

So FR's position is to leave it to official distro packagers to disable it as well, just like allow_vulnerable_openssl?

-- 
Fajar