From owner-freebsd-questions@freebsd.org  Wed Jun  7 08:46:28 2017
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D422ABFEDCD
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Wed,  7 Jun 2017 08:46:28 +0000 (UTC)
 (envelope-from frank@undermydesk.org)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id BA7CA676A2
 for <freebsd-questions@freebsd.org>; Wed,  7 Jun 2017 08:46:28 +0000 (UTC)
 (envelope-from frank@undermydesk.org)
Received: by mailman.ysv.freebsd.org (Postfix)
 id B707FBFEDCC; Wed,  7 Jun 2017 08:46:28 +0000 (UTC)
Delivered-To: questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B6ABBBFEDCB
 for <questions@mailman.ysv.freebsd.org>; Wed,  7 Jun 2017 08:46:28 +0000 (UTC)
 (envelope-from frank@undermydesk.org)
Received: from amazone.undermydesk.org (amazone.undermydesk.org
 [213.211.198.100])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 7A6A9676A1
 for <questions@freebsd.org>; Wed,  7 Jun 2017 08:46:27 +0000 (UTC)
 (envelope-from frank@undermydesk.org)
Received: from localhost (localhost [127.0.0.1])
 by amazone.undermydesk.org (Postfix) with ESMTP id 98376286B75;
 Wed,  7 Jun 2017 10:46:19 +0200 (CEST)
X-Virus-Scanned: amavisd-new at undermydesk.org
Received: from amazone.undermydesk.org ([213.211.198.100])
 by localhost (amazone.undermydesk.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id pkmCxzu_Edjg; Wed,  7 Jun 2017 10:46:18 +0200 (CEST)
Received: from freppin-imac-001-lan.employees.statconsult.de
 (port-ip-213-211-239-178.sta.reverse.mdcc-fun.de [213.211.239.178])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate)
 by amazone.undermydesk.org (Postfix) with ESMTPSA id 33918286B74;
 Wed,  7 Jun 2017 10:46:18 +0200 (CEST)
Subject: Re: FreeRadius3 on FreeBSD 10.3
To: Olivier <Olivier.Nicole@cs.ait.ac.th>, questions@freebsd.org
References: <wu74lvsw7xn.fsf@banyan.cs.ait.ac.th>
From: frank <frank@undermydesk.org>
Message-ID: <f73d24e3-9397-b8f5-f71a-03dda84091be@undermydesk.org>
Date: Wed, 7 Jun 2017 10:46:11 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0)
 Gecko/20100101 Thunderbird/52.1.1
MIME-Version: 1.0
In-Reply-To: <wu74lvsw7xn.fsf@banyan.cs.ait.ac.th>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jun 2017 08:46:28 -0000

Hi,

On 6/7/17 9:52 AM, Olivier wrote:
[...]
> Anybody has succeeded to run FreeRadius3 on FreeBSD 10.3-RELEASE?
> 
> It is complaining that the version of OpenSSL contains bug, but OpenSSl
> comes with FreeBSD system and i am prety sure I have applied all
> security patches (last patch regarding OpenSSL is p17, SA published in
> february this year).
> 
> FreeBSD ldap.cs.ait.ac.th 10.3-RELEASE-p17 FreeBSD 10.3-RELEASE-p17 #5 r314483: Thu Mar  2 13:04:10 ICT 2017     root@ldap.cs.ait.ac.th:/usr/obj/usr/src/sys/GENERIC  i386
> 
> freeradius3-3.0.14 compiled from the ports
> 
> The error message is:
> 
> Error: Refusing to start with libssl version OpenSSL 1.0.1s-freebsd  1 Mar 2016 0x1000113f (1.0.1s release) (in range 1.0.1 release - 1.0.1t rele)
> Error: Security advisory CVE-2016-6304 (OCSP status request extension)
> 
> This error was corrected in FreeBSD-SA-16:26.openssl
> 
> Obviously FreeRadius is only comparing the version number of OpenSSL and
> does not do a good job at checking the fact that the error has been
> corrected or not.
> 
> So how do you run FreeRadius3 on FreeBSD 10.3-RELEASE?

add/enable in radiusd.conf:

allow_vulnerable_openssl = yes

HTH,
frank\

-- 
43rd Law of Computing:
         Anything that can go wr
fortune: Segmentation violation -- Core dumped