FreeRadius3 on FreeBSD 10.3

Olivier Olivier.Nicole at cs.ait.ac.th
Wed Jun 7 09:15:58 UTC 2017


frank <frank at undermydesk.org> writes:

> Hi,
>
> On 6/7/17 9:52 AM, Olivier wrote:
> [...]
>> Anybody has succeeded to run FreeRadius3 on FreeBSD 10.3-RELEASE?
>> 
>> It is complaining that the version of OpenSSL contains bug, but OpenSSl
>> comes with FreeBSD system and i am prety sure I have applied all
>> security patches (last patch regarding OpenSSL is p17, SA published in
>> february this year).
>> 
>> FreeBSD ldap.cs.ait.ac.th 10.3-RELEASE-p17 FreeBSD 10.3-RELEASE-p17 #5 r314483: Thu Mar  2 13:04:10 ICT 2017     root at ldap.cs.ait.ac.th:/usr/obj/usr/src/sys/GENERIC  i386
>> 
>> freeradius3-3.0.14 compiled from the ports
>> 
>> The error message is:
>> 
>> Error: Refusing to start with libssl version OpenSSL 1.0.1s-freebsd  1 Mar 2016 0x1000113f (1.0.1s release) (in range 1.0.1 release - 1.0.1t rele)
>> Error: Security advisory CVE-2016-6304 (OCSP status request extension)
>> 
>> This error was corrected in FreeBSD-SA-16:26.openssl
>> 
>> Obviously FreeRadius is only comparing the version number of OpenSSL and
>> does not do a good job at checking the fact that the error has been
>> corrected or not.
>> 
>> So how do you run FreeRadius3 on FreeBSD 10.3-RELEASE?
>
> add/enable in radiusd.conf:
>
> allow_vulnerable_openssl = yes

Thank you.

Olivier

> HTH,
> frank\

-- 


More information about the freebsd-questions mailing list