OpenSSL Security issues
Alan DeKok
aland at deployingradius.com
Tue Apr 8 14:41:15 CEST 2014
Phil Mayers wrote:
> Hardcoding a version number blacklist into the build environment just
> means everyone building against an enterprise distro will have to patch
> your changes out.
I understand.
> You'd be better off adding a runtime check and refusing to start without
> "allow_unsafe_openssl" global set or similar, if you must. At least that
> way people can configure the server to start once they've patched.
Yes. And unfortunately there's no run-time check to say that OpenSSL
has been patched to address the vulnerability. <sigh>
Alan DeKok.
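The runtime check Phil suggests, written out as an added example (my own code, not FreeRADIUS code and not anything posted in this thread). It decodes the 0xMNNFFPPS version number that OpenSSL reports at runtime (SSLeay() in 1.0.x, OpenSSL_version_num() from 1.1.0 on), refuses if the number falls inside a blacklisted range, and lets an "allow_unsafe_openssl" flag override the refusal. The blacklist bounds below are an assumption chosen for illustration; the real bounds for any given issue have to come from the advisory. The enum names and the helper functions are mine. Note the limit Alan points out: the check only sees a version number, so on a distro that backported the fix without bumping the version it still refuses, which is exactly why the override exists.

```c
/*
 * Added example, not FreeRADIUS code: a runtime OpenSSL version check with
 * an administrator override, in the style discussed in the thread.
 */
#include <stdio.h>
#include <string.h>

/* ASSUMED, illustrative blacklist range (inclusive).  In a real build the
 * bounds come from the advisory for the issue being guarded against. */
#define UNSAFE_LO 0x10001000UL /* 1.0.1-dev */
#define UNSAFE_HI 0x1000106fUL /* 1.0.1f release */

/* Fields of OpenSSL's 0xMNNFFPPS version encoding. */
struct ossl_version {
    unsigned major, minor, fix, patch, status;
};

enum ossl_verdict { OSSL_OK, OSSL_REFUSED, OSSL_OVERRIDDEN };

static struct ossl_version decode_version(unsigned long v)
{
    struct ossl_version r;
    r.major  = (v >> 28) & 0xf;
    r.minor  = (v >> 20) & 0xff;
    r.fix    = (v >> 12) & 0xff;
    r.patch  = (v >> 4)  & 0xff;  /* 0 = none, 1 = 'a', 2 = 'b', ... */
    r.status = v & 0xf;           /* 0 = dev, 1..14 = beta N, 15 = release */
    return r;
}

/* Render e.g. 0x1000106f as "1.0.1f". */
static void format_version(unsigned long v, char *buf, size_t len)
{
    struct ossl_version d = decode_version(v);
    char patch[2] = { 0, 0 };
    char suffix[8] = "";

    if (d.patch > 0 && d.patch <= 26) patch[0] = (char)('a' + d.patch - 1);
    if (d.status == 0) strcpy(suffix, "-dev");
    else if (d.status < 0xf) snprintf(suffix, sizeof suffix, "-beta%u", d.status);

    snprintf(buf, len, "%u.%u.%u%s%s", d.major, d.minor, d.fix, patch, suffix);
}

/* Small helper used by main() below and by tests. */
static int version_string_is(unsigned long v, const char *expected)
{
    char buf[32];
    format_version(v, buf, sizeof buf);
    return strcmp(buf, expected) == 0;
}

/*
 * runtime: the value the linked library reports, i.e. SSLeay() on OpenSSL
 * 1.0.x or OpenSSL_version_num() on 1.1.0+ (passed in by the caller so this
 * file builds without OpenSSL).  allow_unsafe: the "allow_unsafe_openssl"
 * configuration flag.  msg may be NULL when no explanation is wanted.
 */
static enum ossl_verdict check_openssl_version(unsigned long runtime,
                                               int allow_unsafe,
                                               char *msg, size_t len)
{
    char ver[32], lo[32], hi[32];
    format_version(runtime, ver, sizeof ver);
    format_version(UNSAFE_LO, lo, sizeof lo);
    format_version(UNSAFE_HI, hi, sizeof hi);

    if (runtime < UNSAFE_LO || runtime > UNSAFE_HI) {
        if (msg && len) snprintf(msg, len, "OpenSSL %s is outside the blacklisted range", ver);
        return OSSL_OK;
    }
    if (allow_unsafe) {
        /* A version number cannot show that a distro backported the fix, so
         * the administrator's word is all there is to go on here. */
        if (msg && len) snprintf(msg, len, "OpenSSL %s is blacklisted but allow_unsafe_openssl is set; continuing", ver);
        return OSSL_OVERRIDDEN;
    }
    if (msg && len) snprintf(msg, len, "refusing to start: OpenSSL %s is in blacklisted range %s..%s; "
             "set allow_unsafe_openssl if the library has been patched", ver, lo, hi);
    return OSSL_REFUSED;
}

int main(void)
{
    /* Constructed sample version numbers standing in for the runtime value. */
    unsigned long samples[] = { 0x1000106fUL, 0x1000107fUL, 0x1000005fUL };
    int flags[] = { 0, 1 };
    char msg[160];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        for (size_t f = 0; f < 2; f++) {
            enum ossl_verdict v = check_openssl_version(samples[i], flags[f], msg, sizeof msg);
            printf("[%d] %s\n", (int)v, msg);
        }
    return 0;
}
```

Whatever encodes the blacklist, keep it a configuration or advisory-driven value rather than a compile-time constant, so that a distro maintainer can ship a corrected range without patching the source; the override flag covers the case where the range is right but the library has been fixed in place.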
More information about the Freeradius-Users mailing list