Compiling with OpenSSL 1.1.1 (Alan DeKok)
Alan DeKok
aland at deployingradius.com
Fri Oct 19 16:38:46 CEST 2018
On Oct 19, 2018, at 9:59 AM, Doug Wussler <doug.wussler at fsu.edu> wrote:
>
> Just FYI, I upgraded to 3.0.17 and compiled with OpenSSL 1.1.1. Debug info still reports UNKNOWN TLS VERSION:
>
> FreeRADIUS Version 3.0.17
> Copyright (C) 1999-2017 The FreeRADIUS server project and contributors
>
> (1) eap_peap: TLS_accept: before SSL initialization
> (1) eap_peap: <<< recv UNKNOWN TLS VERSION ?0304? [length 0092]
> (1) eap_peap: TLS_accept: SSLv3/TLS read client hello
Ah yes, that was a typo. It's been fixed in the v3.0.x branch.
> I should also mention that when using OpenSSL 1.1.1 the executable will not launch without this setting in radiusd.conf:
>
> allow_vulnerable_openssl = CVE-2016-6304
>
> which should not be necessary with 1.1.1.
That was another typo. It's already been fixed in the v3.0.x branch.
> Also, if interested, when attempting to compile with config setting "--without-dhcp" the compilation fails with:
>
> CC src/main/radattr.c
> build/objs/src/main/radattr.o: In function `process_file':
> /downloads/freeradius-server-3.0.17/src/main/radattr.c:842: undefined reference to `fr_dhcp_decode_options'
> /downloads/freeradius-server-3.0.17/src/main/radattr.c:813: undefined reference to `fr_dhcp_encode_option'
> collect2: error: ld returned 1 exit status
> make: *** [build/bin/local/radattr] Error 1
I've pushed a fix.
> This information is not intended as a complaint. I love the freeradius application and am very appreciative of
> all the work that goes into it. The efforts and responsiveness of both the development team and the community
> are extremely robust and helpful.
Simple bug reports are *much* better than "I did stuff and it didn't work. What's wrong?"
Alan DeKok.
More information about the Freeradius-Users
mailing list