On Oct 12, 2015, at 5:29 AM, Herwin Weststrate <herwin@quarantainenet.nl> wrote:
To be honest, these are the kinds of bugs where I trust my distro to have a fixed version before I've had the chance of compiling a new FreeRADIUS, just to discover that it won't start because it thinks the OpenSSL version is vulnerable.
FreeRADIUS thinks OpenSSL may be vulnerable because we want to err on the side of security. Anything else is bad practice.
The OpenSSL version check might be useful for installations where you have a manual installation of OpenSSL, but as long as you're using OpenSSL from a supported distro (like Debian or Ubuntu), I don't think the checks in FreeRADIUS have any added value.
Which is why you can do: ./configure --disable-openssl-version-check Alan DeKok.