New Features Development Question
Alan DeKok
aland at deployingradius.com
Tue Jul 7 13:32:24 CEST 2020
On Jul 7, 2020, at 6:04 AM, Oleg Pekar <oleg.pekar.2017 at gmail.com> wrote:
> That's perfectly clear. What is the current schedule for releasing v4?
It will be released when it's ready. Sadly, paying work gets in the way of fixing v4.
> Are you also planning to release some beta-version on a feature
> complete milestone before the official release? If I take v4 today as
> a base for my PoC - what is the current stability level of v4?
v4 is stable, mostly. We run a suite of tests on it for every build. We ensure that the tests pass. But as with software undergoing large changes, there may be issues from time to time.
> I meant a generic ability to work with an external CA server that
> provides Certificate Trusted List services instead of working with the
> local certificate storage. These services include revocation
> configuration (OCSP/CRL) per CA certificate. I don't have any specific
> API in mind, just need to think about such functionality.
OpenSSL already supports OCSP. That's supported in v3, too.
>> The better method though, is sending back all the encoded session-state attributes in the ticket, then there's no need for the central database. That's not done currently unfortunately because of limitations in the OpenSSL API.
> What are those limitations?
I don't recall. Maybe Arran can offer opinions.
> Few more questions:
> * Is RadSec over TLS working in v4? My colleague has it working in v3,
> but not in v4. TCP on the other hand is working fine in v4.
Radsec isn't in v4 yet, mostly due to time.
> * Is it possible to have dynamic authorization messages and responses
> go over the same RadSec tunnel used for authentication and accounting?
> In v3? In v4?
No. There is no IETF standard for this, and no RADIUS server supports it.
We're looking at adding it in v4 for a large WiFi project which is underway. But even that may take 8 months.
> * Does v4 have backward compatibility for configuration? If we start
> with v3 - what will be the effort to move to v4 (not including any
> code changes we can do)?
It's not 100% compatible with v3. That's why it's a major version change.
But, most things are pretty similar. The unlang syntax is 99% the same (some new things are added). The module configurations are 99% the same. The server comes with an "upgrade" guide which details the differences. See doc/antora/modules/installation/pages/upgrade.adoc
It should take less than a day to move a complex v3 configuration to v4. It's mostly just renaming and testing.
Alan DeKok.
More information about the Freeradius-Devel
mailing list