15 Oct
2015
15 Oct
'15
5:39 p.m.
On Oct 15, 2015, at 5:09 PM, Nick Lowe <nick.lowe@gmail.com> wrote:
Arran,
For all our sanity, can you not just mandate OpenSSL 1.0.1 or later for FreeRADIUS builds?
Explicitly break the build if it's older.
We *HAD* sanity checks to *PREVENT* the server from starting if the build time OpenSSL was a different version to the runtime SSL. But these were removed by commit 767c67fc4f2f673a44f89794a3531158dcb7b1ec. This patch was not developed internally, but was contributed by RedHat. We agreed to disable the vulnerability checks to help RHEL with patching OpenSSL vulnerabilities, we did NOT agree to disable the version sanity checks FOR PRECISELY THIS REASON. -Arran