Backporting TLS fixes to Fedora and RHEL

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri Oct 15 18:12:37 CEST 2021



> On Oct 15, 2021, at 10:16 AM, Antonio Torres <antorres at redhat.com> wrote:
> 
> Hello everyone,
> 
> I'm the maintainer for FreeRADIUS in RHEL and Fedora. We have found an
> issue when using FreeRADIUS 3.0.21 and OpenSSL 3.0. Running eapol_test
> with the attached config (EAP-TTLS-TLS) fails with the following
> errors (logs attached):

Note that eapol_test/hostapd/wpa_supplicant does not support OpenSSL 3.0.0.
I needed to build it against OpenSSL 1.1.x in our CI to get our tests functional
when I fixed  FreeRADIUS master to work with OpenSSL 3.0.0.

There was nothing from the work that I did that would suggest that OpenSSL 3.0.0
would not work with FreeRADIUS 3.  Most of the fixes were swapping away
from deprecated low level APIs to the EVP API.

Have you tried building eapol_test/wpa_supplicant with an older version of OpenSSL?

-Arran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20211015/b64ee95a/attachment.sig>


More information about the Freeradius-Users mailing list