Debian 12 libldap\GnuTLS when using NetworkRadius packages
Alexey D. Filimonov
alexey at filimonic.net
Sun Feb 16 22:00:46 UTC 2025
Thank you, Alan.
On 2025-02-15 20:19, Alan DeKok wrote:
> On Feb 15, 2025, at 12:11 PM, Alexey D. Filimonov <alexey at filimonic.net> wrote:
>> When installing freeRADIUS from NetworkRadius to Debian 12, I get this warning:
>>
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>> !! libldap is using GnuTLS, while FreeRADIUS is using OpenSSL
>> !! There may be random issues with TLS connections due to this conflict.
>> !! The server may also crash.
>> !! See https://wiki.freeradius.org/modules/Rlm_ldap for more information.
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>>
>> Any suggestions where to get \ how to build libldap for debian linked to OpenSSL ?
> https://ltb-project.org/download.html
>
> The underlying issue is that GnuTLS and OpenSSL are not compatible. An application has to be linked to only one at a time, and can't link to both.
>
> Since GnuTLS is lacking may features which OpenSSL has, FreeRADIUS can't switch to using GnuTLS. It might be possible (perhaps) to hack it so that it builds with GnuTLS, and simply discards any features which aren't supported. But that would be a lot of work. It could also make FreeRADIUS incompatible with many EAP implementations.
>
> The much simpler approach is to just switch to a version of libldap which uses OpenSSL.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list