On Mar 30, 2018, at 1:22 PM, Stefan Paetow <Stefan.Paetow@jisc.ac.uk> wrote:
Arran, Alan, thumbs-up to a v3.0.17. Can you just make sure that when you build the official packages, that you don't build against packages that are not available in either CentOS/RHEL 7 or EPEL 7 repos? I had hoped to deploy the official 3.0.16 package but it wanted a package that doesn't exist in any of the repos in question.
The main issue is that RH has decided to move from OpenSSL to NSS. They've *partially* done the port. So libldap links to NSS, but other applications such as FreeRADIUS don't. Trying to use libldap+NSS with FreeRADIUS+OpenSSL is a recipe for disaster. NSS has an OpenSSL wrapper / compatibility layer. So that layer ends up "stealing" the OpenSSL functions from FreeRADIUS, and then everything crashes. As a result, we need to have FR link to a version of libldap that uses OpenSSL. Which RH doesn't distribute. If you're not using LDAP, this is mostly moot. Alan DeKok.