On 8 Jan 2015, at 02:00, Alan DeKok <aland@deployingradius.com> wrote:
On Jan 7, 2015, at 1:54 PM, Michael Richardson <mcr@sandelman.ca> wrote:
Could static linking libssl in be made easier?
Systems ship with static libraries?
I haven't tried recently, but often it's really hard with autoconf.
Which is why v3 no longer uses libtool, libltdl. In a modern system, they make life *worse*.
Sure, this means updating freeradius when/if openssl has another security issue, but it also isolates freeradius from system updates.
That’s why it’s configurable.
Being able to build on one machine and deploy to another machine such that one doesn't have to install a compiler is a big win to me.
Then be sure that both systems have the same version of OpenSSL.
Or, do:
$ ./configure --disable-openssl-version-check
That only disables the check for vulnerable versions of libssl, not the consistency checks. The patch counter of the libssl version can be incremented without triggering the error. This is the same as the checks OpenSSH does IIRC. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2