[ANN] Version 3.0.0-beta1

David Peterson davidp at wirelessconnections.net
Tue Jun 4 20:32:00 CEST 2013

I am getting this on installation:

rlm_eap_tls: Failed initializing SSL context
rlm_eap (EAP): Failed to initialise rlm_eap_tls
/usr/local/etc/raddb/mods-enabled/eap[17]: Instantiation failed for module

Typically it generates the fake certs on the first run, should I be running
a certificate creation routine with 3.0?


-----Original Message-----
freeradius-users-bounces+davidp=wirelessconnections.net at lists.freeradius.org
[mailto:freeradius-users-bounces+davidp=wirelessconnections.net at lists.freera
dius.org] On Behalf Of Arran Cudbard-Bell
Sent: Tuesday, June 4, 2013 2:19 PM
To: FreeRadius users mailing list
Subject: [ANN] Version 3.0.0-beta1

The majority of the potentially disruptive code changes have now been
completed for 3.0 and it is at a stage where community testing would be

To provide a single point to test against, the release_3_0_0_beta1 tag has
been created.

The tarball is available here:


Instructions for converting existing 2.1.x configurations are available


Please post any defects to

3.0 will be released _soon_, likely within the next month.

Significant changes from release_3_0_0_beta0:
* xlat expansions and conditions are now precompiled at server start.
* Syntax checking for xlat expansions and conditions is performed at server
* rlm_ldap now has support for caching groups.
* Casting is now supported to explicitly convert attributes and values to a
common type for comparisons.
* Direct comparison of attribute references is now supported e.g. &<attr1>
== &<attr2>.
* Comparisons of IPv4 and IPv6 prefixes are now supported, with the prefixes
treated as sets of IPs.
* New rlm_idn module providing an xlat expansion for performing IDNA
encoding of internationalized domain names. (thanks to 'skids').
* New sha1 xlat expansion (thanks to Alan Buxey)
* New rlm_yubikey module to validate yubikey OTP tokens.
* Rewritten rlm_sqlite driver. Now supports creating new databases on server
startup for bootstrapping purposes.
* Colourised log messages when logging to stdout.

Internal changes:
* All traces of the old build system have been removed.
* clang is better supported.
* A significant portion of memory management has been moved to talloc, and
many of the internal API functions have been updated to take context
* New API for iterating over VALUE_PAIRs, this is in preparation for nested
attributes. No new code should directly modify vp->next pointers or treat
VALUE_PAIRs as if they were elements in a linked list. Iterating over
VALUE_PAIRs should now be done with paircursor, pairnext, and pairfindnext.
* VALUE_PAIRs no longer contain attribute and vendor fields, they instead
contain pointers to DICT_ATTRs.
* Some protocol specific code has been moved out into proto_* modules.
* Standardised internal logging macros. New code should use these macros
instead of calling radlog* directly.
* Use OpenSSL hashing functions when available.
* Sever now builds with no warnings on most platforms.
* New RADIUS encoder/decoder.

Arran Cudbard-Bell <a.cudbardb at freeradius.org> FreeRADIUS Development Team

List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list