FreeRADIUS SSL version check

Arran Cudbard-Bell a.cudbardb at
Tue Jan 13 09:38:35 CET 2015

> On 8 Jan 2015, at 02:00, Alan DeKok <aland at> wrote:
> On Jan 7, 2015, at 1:54 PM, Michael Richardson <mcr at> wrote:
>> Could static linking libssl in be made easier?
>  Systems ship with static libraries?
>> I haven't tried recently, but often it's really hard with autoconf.
>  Which is why v3 no longer uses libtool, libltdl.  In a modern system, they make life *worse*.
>> Sure, this means updating freeradius when/if openssl has another security
>> issue, but it also isolates freeradius from system updates.
>  That’s why it’s configurable.
>> Being able to build on one machine and deploy to another machine such that
>> one doesn't have to install a compiler is a big win to me.
>  Then be sure that both systems have the same version of OpenSSL. 
>  Or, do:
> $ ./configure --disable-openssl-version-check

That only disables the check for vulnerable versions of libssl, not the 
consistency checks.

The patch counter of the libssl version can be incremented without 
triggering the error. This is the same as the checks OpenSSH does IIRC.

Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

More information about the Freeradius-Devel mailing list