FreeRADIUS and OpenSSL Linkage
aland at deployingradius.com
Wed Jan 7 10:44:52 CET 2009
It would be useful to be able to link FreeRADIUS with OpenSSL, for
systems like Debian that have restrictive license policies. Upon
auditing the source code (and some offline discussion), it looks like it
may be possible.
The code using OpenSSL is:
The ownership of the relevant code is largely myself, a bankrupt
company (rlm_eap), and Tri-D systems (rlm_otp). We've tried contacting
Tri-D systems (now owned by RedHat), but have had little response.
My suggestion is to do the following:
1) add a license exception to the main LICENSE file:
In addition, as a special exception, the copyright holders give
permission to link the code of portions of this program with the
OpenSSL library, and distribute linked combinations including the
two. This exception does not apply to the "rlm_otp" module.
You must obey the GNU General Public License in all respects
for all of the code used other than OpenSSL. If you modify
file(s) with this exception, you may extend this exception to your
version of the file(s), but you are not obligated to do so. If you
do not wish to do so, delete this exception statement from your
2) remove rlm_otp from the "stable" module list. It's not being
maintained, and I'm not sure anyone is using it.
This will make life easier for package maintainers, as they can just
configure --without-rlm_otp. The result will be a version of the server
that can be linked with OpenSSL on Debian-based systems.
More information about the Freeradius-Devel