Hi, hm, can we still hold the press? main { security { user = "radiusd" group = "radiusd" allow_core_dumps = yes } name = "radiusd" prefix = "/usr/local/freeradius/current" localstatedir = "/var" logdir = "/var/log/radius" run_dir = "/var/run/radiusd" } Cannot update core dump limit: Operation not permitted Core dumps are enabled main { ... security { max_attributes = 200 reject_delay = 0.000000 status_server = yes allow_vulnerable_openssl = "CVE-2016-6304" } } ... So after dropping priv's, it reads about CVE clearance. But then: Debugger not attached Refusing to start with libssl version OpenSSL 1.0.1k 8 Jan 2015 0x100010bf (1.0.1k release) (in range 1.0.1 release - 1.0.1t rele) Security advisory CVE-2016-6304 (OCSP status request extension) For more information see https://www.openssl.org/news/secadv/20160922.txt Once you have verified libssl has been correctly patched, set security.allow_vulnerable_openssl = 'CVE-2016-6304' radius-int-1:/usr/local/freeradius # Hm. That's v3.0.x checkout from just a few minutes ago. Greetings, Stefan Winter Am 22.09.2016 um 17:59 schrieb Alan DeKok:
A belated request for last-minute tests of 3.0.12. I've pushed some changes to complain about OpenSSL. They work for me, but another check would be useful.
If all is OK, I'll release 3.0.12 on Monday. For real this time.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 2, avenue de l'Université L-4365 Esch-sur-Alzette Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66