Release 1.1.1 TODO
Nicolas Baradakis
nbk at sitadelle.com
Mon Feb 6 17:55:03 CET 2006
Alan DeKok wrote:
> Nicolas Baradakis <nbk at sitadelle.com> wrote:
>
> > - pull eap fixes from CVS head to address Debian's issues. I found
> > many changes not in branch 1.1 but I've no idea whether they are
> > safe or not:
> > - moved TLS code from rlm_eap_tls to libeap.
>
> Yes.
>
> > - removed record_* functions from global visibility.
>
> Not necessary.
>
> > - remove the EAP submodule locking.
>
> Sure, but not necessary.
>
> > - change autoconf tests for OpenSSL.
> > - put the eap sessions into a tree, so that looking them up is very
> > fast, and no longer O(n) in the number of sessions.
>
> Not really necessary, but sure. There should only be 10's of
> ongoing EAP sessions at a time, so it's not critical.
>
> > - if the callback fails, do eap_fail() to get an EAP-Failure message
> > and return reject.
> > - use new hex2bin function to be more forgiving for NT-Passwords
> > - make "use_tunneled_reply" work properly for PEAP
>
> Yes.
Ok, I made a sweep on all files under src/modules/rlm_eap and pulled
the changes into branch 1.1. I can now build all the problematic
modules rlm_eap_{peap,tls,ttls} on my Debian box, and the server
successfully link them at startup. (this had never worked before
with 1.1.0 on Debian)
It'd be great if someone else could also run a few tests on the new
code in CVS, just to be sure that nothing is broken.
--
Nicolas Baradakis
More information about the Freeradius-Devel
mailing list