FreeRadius3 on FreeBSD 10.3
Jov
amutu at amutu.com
Wed Jun 7 09:19:27 UTC 2017
I have this in my radiusd.conf:
security {
...
allow_vulnerable_openssl = 'CVE-2016-6304'
}
2017-06-07 15:52 GMT+08:00 Olivier <Olivier.Nicole at cs.ait.ac.th>:
> Hi,
>
> Anybody has succeeded to run FreeRadius3 on FreeBSD 10.3-RELEASE?
>
> It is complaining that the version of OpenSSL contains bug, but OpenSSl
> comes with FreeBSD system and i am prety sure I have applied all
> security patches (last patch regarding OpenSSL is p17, SA published in
> february this year).
>
> FreeBSD ldap.cs.ait.ac.th 10.3-RELEASE-p17 FreeBSD 10.3-RELEASE-p17 #5
> r314483: Thu Mar 2 13:04:10 ICT 2017 root at ldap.cs.ait.ac.th:/usr/obj/usr/src/sys/GENERIC
> i386
>
> freeradius3-3.0.14 compiled from the ports
>
> The error message is:
>
> Error: Refusing to start with libssl version OpenSSL 1.0.1s-freebsd 1 Mar
> 2016 0x1000113f (1.0.1s release) (in range 1.0.1 release - 1.0.1t rele)
> Error: Security advisory CVE-2016-6304 (OCSP status request extension)
>
> This error was corrected in FreeBSD-SA-16:26.openssl
>
> Obviously FreeRadius is only comparing the version number of OpenSSL and
> does not do a good job at checking the fact that the error has been
> corrected or not.
>
> So how do you run FreeRadius3 on FreeBSD 10.3-RELEASE?
>
> Thanks in advance.
>
> Olivier
>
>
> --
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-
> unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list