FreeRADIUS and OpenSSL Linkage

Alan DeKok aland at
Wed Jan 7 10:44:52 CET 2009

  It would be useful to be able to link FreeRADIUS with OpenSSL, for
systems like Debian that have restrictive license policies.  Upon
auditing the source code (and some offline discussion), it looks like it
may be possible.

  The code using OpenSSL is:


  The ownership of the relevant code is largely myself, a bankrupt
company (rlm_eap), and Tri-D systems (rlm_otp).  We've tried contacting
Tri-D systems (now owned by RedHat), but have had little response.

  My suggestion is to do the following:

1) add a license exception to the main LICENSE file:

   In addition, as a special exception, the copyright holders give
   permission to link the code of portions of this program with the
   OpenSSL library, and distribute linked combinations including the
   two.  This exception does not apply to the "rlm_otp" module.
   You must obey the GNU General Public License in all respects
   for all of the code used other than OpenSSL.  If you modify
   file(s) with this exception, you may extend this exception to your
   version of the file(s), but you are not obligated to do so.  If you
   do not wish to do so, delete this exception statement from your

 2) remove rlm_otp from the "stable" module list.  It's not being
maintained, and I'm not sure anyone is using it.

  This will make life easier for package maintainers, as they can just
configure --without-rlm_otp.  The result will be a version of the server
that can be linked with OpenSSL on Debian-based systems.


  Alan DeKok.

More information about the Freeradius-Devel mailing list