Releasing 3.0.17?
Alan DeKok
aland at deployingradius.com
Thu Mar 29 23:02:00 CEST 2018
On Mar 29, 2018, at 2:12 PM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
> As discussed offline, there are some side effects which makes this difficult to do whilst maintaining backwards compatibility.
>
> The big one is that using the 1.0.2 API to do certificate chaining seems to effectively disable auto chaining, as certs are no longer taken from the top level ca_file.
If it's possible to do *either* the old method or the new one, that may be useful. Once people start using ECC certs.
> The change to how chaining works between OpenSSL < 1.0.2 and >= 1.0.2 is so major I'm tempted to suggest that we have a hard dependency on 1.0.2 in the FreeRADIUS v4.0.x branch to avoid confusion.
That sounds like a good idea. There's just no reason to use a version of OpenSSL which is years out of date.
Alan DeKok.
More information about the Freeradius-Users
mailing list