Sounds fine to me. Maybe we should also in future invesitgate using axtls in place of openssl. Not only is it an order of magnitude smaller which is great for embedded systems, it is also BSD licensed. Cheers Peter On Wed 07 Jan 2009, Alan DeKok wrote:
It would be useful to be able to link FreeRADIUS with OpenSSL, for systems like Debian that have restrictive license policies. Upon auditing the source code (and some offline discussion), it looks like it may be possible.
The code using OpenSSL is:
src/main/threads.c src/modules/rlm_eap/ src/modules/rlm_otp/ src/modules/rlm_wimax/
The ownership of the relevant code is largely myself, a bankrupt company (rlm_eap), and Tri-D systems (rlm_otp). We've tried contacting Tri-D systems (now owned by RedHat), but have had little response.
My suggestion is to do the following:
1) add a license exception to the main LICENSE file:
In addition, as a special exception, the copyright holders give permission to link the code of portions of this program with the OpenSSL library, and distribute linked combinations including the two. This exception does not apply to the "rlm_otp" module. You must obey the GNU General Public License in all respects for all of the code used other than OpenSSL. If you modify file(s) with this exception, you may extend this exception to your version of the file(s), but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.
2) remove rlm_otp from the "stable" module list. It's not being maintained, and I'm not sure anyone is using it.
This will make life easier for package maintainers, as they can just configure --without-rlm_otp. The result will be a version of the server that can be linked with OpenSSL on Debian-based systems.
Thoughts?
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
-- Peter Nixon http://peternixon.net/