GnuTLS and FreeRADIUS

LATZE Carolin carolin.latze at unifr.ch
Wed Apr 15 17:01:41 CEST 2009


>> 
>>   It's hard.  The GNUTLS stuff contains wrappers for OpenSSL.  However,
>> they also got a number of things in their API wrong. (From what I recall
>> about the last time I checked).  This made using GnuTLS difficult.

>I've also seen a lot of timeout-related problems with MTAs compiled to
>use GNUTLS. Given the choice I'd recommend everyone to use OpenSSL

Unfortunately it seems that we don't have any choice. We need TLS 1.2 which seems not to be supported in OpenSSL. So, we will start with modifying the EAP-TLS module in order to use GnuTLS. I know it is a terrible solution to have both TLS libraries in FreeRADIUS, but at the moment, we don't have the resources to try to migrate FreeRADIUS completely. I hope that we won't see side effects when migrating one module - we'll see... Is there already any known problem with that approach?

@Jouni: I will start grepping through wpa_supplicant and hope that I can reuse as much code as possible.

Carolin