Date: Wed, 07 Jun 2017 16:15:54 +0700 From: Olivier <Olivier.Nicole@cs.ait.ac.th> To: frank <frank@undermydesk.org> Cc: questions@freebsd.org Subject: Re: FreeRadius3 on FreeBSD 10.3 Message-ID: <wu71sqww439.fsf@banyan.cs.ait.ac.th> In-Reply-To: <f73d24e3-9397-b8f5-f71a-03dda84091be@undermydesk.org> (message from frank on Wed, 7 Jun 2017 10:46:11 %2B0200)
next in thread | previous in thread | raw e-mail | index | archive | help
frank <frank@undermydesk.org> writes: > Hi, > > On 6/7/17 9:52 AM, Olivier wrote: > [...] >> Anybody has succeeded to run FreeRadius3 on FreeBSD 10.3-RELEASE? >> >> It is complaining that the version of OpenSSL contains bug, but OpenSSl >> comes with FreeBSD system and i am prety sure I have applied all >> security patches (last patch regarding OpenSSL is p17, SA published in >> february this year). >> >> FreeBSD ldap.cs.ait.ac.th 10.3-RELEASE-p17 FreeBSD 10.3-RELEASE-p17 #5 r314483: Thu Mar 2 13:04:10 ICT 2017 root@ldap.cs.ait.ac.th:/usr/obj/usr/src/sys/GENERIC i386 >> >> freeradius3-3.0.14 compiled from the ports >> >> The error message is: >> >> Error: Refusing to start with libssl version OpenSSL 1.0.1s-freebsd 1 Mar 2016 0x1000113f (1.0.1s release) (in range 1.0.1 release - 1.0.1t rele) >> Error: Security advisory CVE-2016-6304 (OCSP status request extension) >> >> This error was corrected in FreeBSD-SA-16:26.openssl >> >> Obviously FreeRadius is only comparing the version number of OpenSSL and >> does not do a good job at checking the fact that the error has been >> corrected or not. >> >> So how do you run FreeRadius3 on FreeBSD 10.3-RELEASE? > > add/enable in radiusd.conf: > > allow_vulnerable_openssl = yes Thank you. Olivier > HTH, > frank\ --
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?wu71sqww439.fsf>