* Paul Hampson <[EMAIL PROTECTED]> [2005-03-20 03:50]:
> On Sat, Mar 19, 2005 at 02:06:56PM +0100, Wolfram Schlich wrote:
> > * Paul Hampson <[EMAIL PROTECTED]> [2005-03-19 04:56]:
> > > On Sat, Mar 19, 2005 at 03:52:52AM +0100, Wolfram Schlich wrote:
> > > > * Wolfram Schlich <[EMAIL PROTECTED]> [2005-03-17 00:55]:
> > > > [ MySQL+SSL patch for FreeRADIUS ]
> > > > Ok, I have sat down and hacked something together, with a little help
> > > > from a friend. I probably did something wrong or suboptimal (as I
> > > > said, I am not a C coder), but at a first glance, it seems to work fine.
> > > > Here's the patch:
> 
> > > > http://dev.gentoo.org/~wschlich/src/freeradius-1.0.2-mysql-ssl.patch
> 
> > > Please remember to post patches to the list for easier discussion.
> 
> > Ok, sorry.
> 
> > > And also, this sort of patch would probably be best against HEAD.
> > 
> > The patch wasn't meant as an official submission for upstream, but
> > as a basis for a discussion :)
> 
> Yeah, sorry about that. I didn't notice this was on -user instead of
> -devel, and treated it as if it was on the latter. >_<

Not your fault. I should have labelled it accordingly :-)

> > > I don't
> > > give it much chance of getting into 1.0.3, especially since MySQL don't
> > > distribute SSL-enabled binaries.
> > 
> > What does the MySQL client distribution policy have to do
> > with this?! *wonder*
> 
> Basically, things going into 1.0.3 (if it happens) are bug fixes, not
> feature changes. The fact that you have to recompile your mySQL locally
> anyway to enable SSL makes it reasonable to me to say this change is
> something you can patch in yourself as well.

Well, using Gentoo Linux for example, when you have the 'ssl' USE flag
set, which is the default, MySQL will be compiled with SSL support right
from the start, so there's no need to re-compile it if you have already
installed it.

> If upstream binaries were coming SSL-enabled, we could almost build a
> case that this is a bug, rather than a new feature.

I still don't see why we have to make the inclusion of this kind of
functionality depend on MySQL distribution binaries.
It doesn't affect Gentoo or other source-based distros at all, for example.

> Still, it has to get into HEAD before I'll consider it for 1.0.3, so one
> hurdle at a time.

Ok. I will post something to -devel asking for help on how to deal
with it :o)

> > > They're apparently moving away from
> > > OpenSSL in the server, but no indication that they're going to
> > > un-OpenSSL the _client_ libraries. [1] [2]
> 
> > Well, OpenSSL or GnuTLS -- it doesn't matter as long as the
> > MySQL protocol keeps supporting SSL'd connections...
> > I have posted a comment to [2] in order to get some more information
> > from that MySQL guy.
> 
> It matters as far as distributing binaries goes. You can't distribute a
> binary that links GPL code without any exception (such as FreeRADIUS and
> many of its depended-on libraries) with OpenSSL.

Ah, of course. But well, binaries are just an additional form of
distribution for me, source is the main one IMHO.
You could disable SSL by default in the configure script btw.

> It's slightly more complicated than that, but there is a license issue
> of some kind which needs to be looked out for. It doesn't really affect
> _us_, but it's something to be mindful of when playing with these
> things.

Yup, thanks for your thoughts.
-- 
Wolfram Schlich

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
