freeradius 3.0.13 refusing to start with Heartbleed-unaffected OpenSSL version
Konstantin Knaab-Hinrichs
paradonym at googlemail.com
Thu Apr 20 15:56:41 CEST 2017
Hi,
having trouble getting radiusd to work because of openssl:
CLI debugging:
root@$HOSTNAME:/etc/raddb# openssl version
OpenSSL *1.0.2k* 26 Jan 2017
root@$HOSTNAME:/etc/raddb# cat radiusd.conf | grep allow_vulnerable
# allow_vulnerable_openssl: Allow the server to start with
* allow_vulnerable_openssl = yes*
root@$HOSTNAME:/etc/raddb# hostnamectl
Static hostname: $HOSTNAME
Icon name: computer-vm
Chassis: vm
Machine ID: $CENSORED
Boot ID: $CENSORED
Virtualization: vmware
Operating System: Debian GNU/Linux 8 (jessie)
Kernel: Linux 3.16.0-4-amd64
Architecture: x86-64
root@$HOSTNAME:/etc/raddb# radiusd -X
FreeRADIUS Version 3.0.13
[snip]
Debugger not attached
Refusing to start with libssl version OpenSSL 1.0.1t 3 May 2016 0x1000114f
(1.0.1t release) (in range 1.0.1 release - 1.0.1t rele)
Security advisory CVE-2016-6304 (OCSP status request extension)
For more information see https://www.openssl.org/news/secadv/20160922.txt
Once you have verified libssl has been correctly patched, set
security.allow_vulnerable_openssl = 'CVE-2016-6304'
The same error message appears when entering allow_vulnerable_openssl = 'CVE-2016-6304' in radiusd.conf.
No matter what I search for, every search results in something similar to
https://lalitvc.wordpress.com/2014/06/26/freeradius-refusing-to-start-with-libssl-version-openssl-security-advisory-cve-2014-0160/
Do I have to recompile FreeRADIUS after a new installation of OpenSSL?
Yours,
Konstantin
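The startup refusal above reports the libssl that radiusd actually loaded (OpenSSL 1.0.1t, 0x1000114f), which differs from what the `openssl` command-line binary (1.0.2k) reports, so the CLI alone is not a reliable check. The following script is an added example, not code from the poster or from the FreeRADIUS project: it decodes the 0xMNNFFPPS version number FreeRADIUS prints, tests it against the advisory range quoted in the message (CVE-2016-6304, 1.0.1 release through 1.0.1t release), and shows two ways to find out which libssl a process really gets, by asking the loaded library through ctypes and by running `ldd` on the `radiusd` binary. The sample log line is the one from the post; the range, the `radiusd` binary name and the use of `ldd` and ctypes are assumptions made for this example.

```python
"""Decode the libssl version number FreeRADIUS prints and check it against an
advisory range, to show why `openssl version` (1.0.2k in the post) and the
libssl that radiusd actually loads (1.0.1t in the post) can disagree."""
import ctypes
import ctypes.util
import re
import shutil
import subprocess
from typing import Optional

# Constructed sample: the refusal line quoted in the mailing-list post.
SAMPLE_LINE = "Refusing to start with libssl version OpenSSL 1.0.1t 3 May 2016 0x1000114f"

# Advisory range exactly as FreeRADIUS printed it in the post (1.0.1 branch only).
ADVISORY_RANGE = ("CVE-2016-6304", "1.0.1", "1.0.1t")


def decode_version_number(num: int) -> str:
    """Turn an OpenSSL 1.0.x/1.1.x OPENSSL_VERSION_NUMBER (0xMNNFFPPS) into text."""
    major = (num >> 28) & 0xF
    minor = (num >> 20) & 0xFF
    fix = (num >> 12) & 0xFF
    patch = (num >> 4) & 0xFF          # 0 = no letter, 1 = 'a', 2 = 'b', ...
    status = num & 0xF                 # 0 = dev, 1..14 = beta N, 15 = release
    letter = chr(ord("a") + patch - 1) if patch else ""
    if status == 0xF:
        status_txt = "release"
    elif status == 0:
        status_txt = "dev"
    else:
        status_txt = f"beta{status}"
    return f"{major}.{minor}.{fix}{letter} {status_txt}"


def encode_version(text: str) -> int:
    """Inverse of decode_version_number for release versions such as '1.0.1t'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]?)", text.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {text!r}")
    major, minor, fix = (int(x) for x in m.group(1, 2, 3))
    patch = ord(m.group(4)) - ord("a") + 1 if m.group(4) else 0
    return (major << 28) | (minor << 20) | (fix << 12) | (patch << 4) | 0xF


def version_number_from_log(line: str) -> Optional[int]:
    """Pull the trailing 0x........ number out of FreeRADIUS's refusal line."""
    m = re.search(r"0x([0-9a-fA-F]{8})\b", line)
    return int(m.group(1), 16) if m else None


def in_advisory_range(num: int, low: str, high: str) -> bool:
    """True when num lies in [low, high], inclusive, as FreeRADIUS prints the range."""
    return encode_version(low) <= num <= encode_version(high)


def loaded_libssl_version_number() -> Optional[int]:
    """Ask the libssl the dynamic loader picks for *this* process for its number.
    1.1.x exports OpenSSL_version_num(), 1.0.x exports SSLeay(); OpenSSL 3.x
    uses a different encoding and is reported as None here."""
    path = ctypes.util.find_library("ssl")
    if not path:
        return None
    lib = ctypes.CDLL(path)
    for name in ("OpenSSL_version_num", "SSLeay"):
        fn = getattr(lib, name, None)
        if fn is not None:
            fn.restype = ctypes.c_ulong
            num = fn()
            return num if (num >> 28) < 3 else None
    return None


def linked_libssl(binary: str) -> Optional[str]:
    """Report the libssl.so that `ldd` resolves for a binary (assumed: radiusd)."""
    exe = shutil.which(binary)
    if shutil.which("ldd") is None or exe is None:
        return None
    out = subprocess.run(["ldd", exe], capture_output=True, text=True)
    for ln in out.stdout.splitlines():
        if "libssl" in ln:
            return ln.strip()
    return None


if __name__ == "__main__":
    num = version_number_from_log(SAMPLE_LINE)
    cve, lo, hi = ADVISORY_RANGE
    print(f"radiusd loaded {decode_version_number(num)} (0x{num:08x}); "
          f"in {cve} range {lo}-{hi}: {in_advisory_range(num, lo, hi)}")
    cli = encode_version("1.0.2k")   # what `openssl version` reported in the post
    print(f"openssl CLI 1.0.2k in that range: {in_advisory_range(cli, lo, hi)}")
    print("libssl loaded by this process:", loaded_libssl_version_number())
    print("libssl linked by radiusd:", linked_libssl("radiusd"))
```

Run it on the host in question and compare the `ldd radiusd` line with the path the `openssl` binary uses; a radiusd that still resolves to a 1.0.1 libssl.so.1.0.0 will keep printing the refusal regardless of which `openssl` binary is first in PATH.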