Unable to use freeradius 3.0.26 with openssl 3.0

Ľudovít Mikula ludovit.mikula at mikori.sk
Wed Jan 22 11:15:00 UTC 2025 

As far as I can see in the recipe (never used them tbh), it uses openssl 
include and lib dirs from system, because the recipe does not override 
the defaults:

STAGING_INCDIR: Specifies the path to the /usr/include subdirectory of 
the sysroot directory for the target for which the current recipe being 
built (STAGING_DIR_HOST).

STAGING_LIBDIR: Specifies the path to the /usr/lib subdirectory of the 
sysroot directory for the target for which the current recipe is being 
built (STAGING_DIR_HOST).

So it links against the openssl dev libraries installed on the build host.

More info in the yocto docu: 
https://docs.yoctoproject.org/dev-manual/new-recipe.html#compilation

Ludo


On 20. 1. 2025 18:38, Amit P wrote:
> Hi Alan,
> 
> Thanks for your response.
> As per 3.0.26 release notes (
> https://www.freeradius.org/release_notes/?s=3.0.26) OpenSSL3 support is
> available in this version.
> 
> *Feature Improvements*
> 
>     - Add support for OpenSSL3.
>     - Support PEAP and TTLS with TLS 1.3. This has been tested with
>     wpa_supplicant and Windows 11.
>     - Add configure-time FIPS workaround to use internal MD4/MD5
>     implementations when disabled in OpenSSL.
> 
> I am building Freeradius using below Yocto recipe, so it should pick the
> system's OpenSSL version where it is being compiled.
> https://git.openembedded.org/meta-openembedded/tree/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.26.bb?h=mickledore
> 
> Are you saying we can't use Freeradius 3.0.26 package with OpenSSL3.0.
> Please let me know if I am missing anything.
> 
> Thanks & Regards,
> Amit
> 
> On Mon, Jan 20, 2025 at 6:24 PM Alan DeKok <aland at deployingradius.com>
> wrote:
> 
>> On Jan 20, 2025, at 2:38 AM, Amit P <amit.subscription at gmail.com> wrote:
>>> I am using Freeradius version 3.0.26 for a basic authentication, My
>> system
>>> is upgraded from Openssl 1.0.2 to 3.0.4 version
>>
>>    You can't upgrade OpenSSL across major versions, and expect that the
>> same FreeRADIUS package will continue to work.
>>
>>    FreeRADIUS has to be built against the correct version of OpenSSL.  We
>> have pre-built packages for most Linux distributions on our web site:
>>
>> https://packages.inkbridgenetworks.com/
>>
>>    These packages are built with OpenSSL 3.
>>
>>    Alan DeKok.
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
Ľudovít Mikula

Mikori s.r.o
------------------------
Fatranská 3100/4
01008 Žilina
Slovenská Republika
------------------------
... aby korenie
     chutilo, ako má ...
------------------------
      Web: https://www.mikori.sk/
   E-Shop: https://www.cerstvekorenie.sk/
   E-mail: ludovit.mikula at mikori.sk
Facebook: https://www.facebook.com/mikori.korenie/

More information about the Freeradius-Users mailing list