Releasing 3.0.17?
Alan DeKok
aland at deployingradius.com
Fri Mar 30 19:27:32 CEST 2018
On Mar 30, 2018, at 1:22 PM, Stefan Paetow <Stefan.Paetow at jisc.ac.uk> wrote:
>
> Arran, Alan, thumbs-up to a v3.0.17. Can you just make sure that when you build the official packages, that you don't build against packages that are not available in either CentOS/RHEL 7 or EPEL 7 repos? I had hoped to deploy the official 3.0.16 package but it wanted a package that doesn't exist in any of the repos in question.
The main issue is that RH has decided to move from OpenSSL to NSS. They've *partially* done the port. So libldap links to NSS, but other applications such as FreeRADIUS don't.
Trying to use libldap+NSS with FreeRADIUS+OpenSSL is a recipe for disaster. NSS has an OpenSSL wrapper / compatibility layer. So that layer ends up "stealing" the OpenSSL functions from FreeRADIUS, and then everything crashes.
As a result, we need to have FR link to a version of libldap that uses OpenSSL. Which RH doesn't distribute.
If you're not using LDAP, this is mostly moot.
Alan DeKok.
More information about the Freeradius-Users
mailing list