Release 1.1.1 TODO

Nicolas Baradakis nbk at sitadelle.com
Mon Feb 6 17:55:03 CET 2006


Alan DeKok wrote:

> Nicolas Baradakis <nbk at sitadelle.com> wrote:
>
> > - pull eap fixes from CVS head to address Debian's issues. I found
> >   many changes not in branch 1.1 but I've no idea whether they are
> >   safe or not:
> >   - moved TLS code from rlm_eap_tls to libeap.
>
>   Yes.
>
> >   - removed record_* functions from global visibility.
>
>   Not necessary.
>
> >   - remove the EAP submodule locking.
>
>   Sure, but not necessary.
>
> >   - change autoconf tests for OpenSSL.
> >   - put the eap sessions into a tree, so that looking them up is very
> >     fast, and no longer O(n) in the number of sessions.
>
>   Not really necessary, but sure.  There should only be 10's of
> ongoing EAP sessions at a time, so it's not critical.
>
> >   - if the callback fails, do eap_fail() to get an EAP-Failure message
> >     and return reject.
> >   - use new hex2bin function to be more forgiving for NT-Passwords
> >   - make "use_tunneled_reply" work properly for PEAP
>
>   Yes.

Ok, I made a sweep on all files under src/modules/rlm_eap and pulled
the changes into branch 1.1. I can now build all the problematic
modules rlm_eap_{peap,tls,ttls} on my Debian box, and the server
successfully link them at startup. (this had never worked before
with 1.1.0 on Debian)

It'd be great if someone else could also run a few tests on the new
code in CVS, just to be sure that nothing is broken.

-- 
Nicolas Baradakis




More information about the Freeradius-Devel mailing list