2.0.5 on Solaris with openssl 0.9.8h

Rafiqul Ahsan rafiqul.ahsan at gmail.com
Fri Aug 15 06:33:23 CEST 2008 

Hi Alan, and All,

Well, I believe I have linked Freeradius 2.0.5 with the right openssl
(0.9.8h) now by adding below env variables(my build logs also says
that linked with -L/usr/local/ssl/lib). However I still see the same
error while using sha256 encryption algorithm with RSA 2048 key. I
sent this query to openssl maillist, they are sending me back to you
(freeradius folks) to verify whether Freeradius supports sha2, sha256
etc. (I hoped that below patch would allow, but no luck).

CFLAGS=-I/usr/local/ssl/include/openssl
CPPFLAGS=-I/usr/local/ssl/include/openssl
LDFLAGS=-L/usr/local/ssl/lib
export CFLAGS CPPFLAGS LDFLAGS

And earlier I added below two patches to Freeradius:

--- freeradius-1.1.7/configure	
+++ freeradius-1.1.7-new/configure	
@@ -20552,7 +20552,7 @@
   echo $ECHO_N "(cached) $ECHO_C" >&6
 else
   ac_check_lib_save_LIBS=$LIBS
-LIBS="-lssl  $LIBS"
+LIBS="-lssl -lcrypto -ldl $LIBS"
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -20617,8 +20617,7 @@
 		if test "x$OPENSSL_LIB_DIR" != "x"; then
 		    OPENSSL_LIBS="-L$OPENSSL_LIB_DIR"
 		fi
-		OPENSSL_LIBS="$OPENSSL_LIBS -lcrypto -lssl -lcrypto"
-
+		OPENSSL_LIBS="$OPENSSL_LIBS -lcrypto -lssl -lcrypto -ldl"
 fi


diff -Naur freeradius-1.1.7-mod/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
freeradius-1.1.7/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
--- freeradius-1.1.7-mod/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c	2007-04-20
14:58:46.000000000 +0300
+++ freeradius-1.1.7/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c	
@@ -292,6 +292,7 @@
 	 */
 	SSL_library_init();
 	SSL_load_error_strings();
+	OpenSSL_add_all_digests();

 	meth = TLSv1_method();
 	ctx = SSL_CTX_new(meth);




On 8/14/08, Alan DeKok <aland at deployingradius.com> wrote:
> Rafiqul Ahsan wrote:
> > I tried to install the openssl from Sunware, but it installs at
> > /usr/local/ssl directory. Somehow (could not figure out how) the
> > freeradius build process linking with the Solaris prebuilt openssl
> > library at /usr/sfw..
>
>  Because that's what the linker on Solaris does.  Go read it's
> documentation to see how to configure it to do what you want.  This
> isn't a FreeRADIUS question.
>
> > I would like to change configuration the linker to prefer one version
> > (0.9.8)over the other (0.9.7 is prebuilt comes with Solaris).. also to
> > include references to prefer one over other...But I don;t know where
> > to change.I looked at Configure, Makefile....but cannot seem to find
> > where it was configured that. Can you please help ?
>
>  Maybe the Solaris linker documentation will help?
>
>  Heck, if you're building as root, just do "chmod a-rwx /usr/sfw",
> build FreeRADIUS, and then do "chmod a+rx /usr/sqf".  That should solve
> it.  i.e. This is pretty much a Unix 101 question...
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>


-- 
Rafiqul Ahsan

More information about the Freeradius-Users mailing list