Releasing 3.0.17?

Alan DeKok aland at
Thu Mar 29 23:02:00 CEST 2018

On Mar 29, 2018, at 2:12 PM, Arran Cudbard-Bell <a.cudbardb at> wrote:
> As discussed offline, there are some side effects which makes this difficult to do whilst maintaining backwards compatibility.
> The big one is that using the 1.0.2 API to do certificate chaining seems to effectively disable auto chaining, as certs are no longer taken from the top level ca_file.

  If it's possible to do *either* the old method or the new one, that may be useful.  Once people start using ECC certs.

> The change to how chaining works between OpenSSL < 1.0.2 and >= 1.0.2 is so major I'm tempted to suggest that we have a hard dependency on 1.0.2 in the FreeRADIUS v4.0.x branch to avoid confusion.

  That sounds like a good idea.  There's just no reason to use a version of OpenSSL which is years out of date.

  Alan DeKok.

More information about the Freeradius-Users mailing list