[PATCH 1/1] Just warn if linked libssl is more recent

Alan DeKok aland at deployingradius.com
Tue Jun 17 15:36:28 CEST 2014

Phil Mayers wrote:
> OpenSSL has broken ABI in the past without a .soname bump. Very
> annoying. That does not make it your business to hard-code a version
> number into the application IMO.

  It means that people complain *here* when OpenSSL breaks things.
That's annoying.  I'd rather have FreeRADIUS produce a useful error
message, telling them where the real problem is.

> I don't think applications should be enforcing this, full stop. I don't
> expect you'll agree with me, but never mind.

  If a library causes the application to crash, the application should
check for that library.  GIGO is for idiots.

  I'm OK with adding a configuration directive which tells the server to
ignore this check.  But the check MUST be there by default, and MUST be
enabled by default.

  That way when people turn it off and the server crashes due to OpenSSL
problems... I can say "You edited the config and broke the server".

  Alan DeKok.

More information about the Freeradius-Devel mailing list