Hi Artur Artur Hecker wrote:
hiYes, the EAP document with the FreeRADIUS 0.7 tar ball indicates that OpenSSL 0.9.6b or later (for example, 0.9.6c - 0.9.6g) should work. Others were having problems with that release, so I tried it, verified that it didn't work, tried to find out why it doesn't work (rlm needs more recent function calls), and found a version that definitely does work. I'm not saying I figured something out that nobody else new, heck, I already new it and was using 0.9.7 snapshots on other machines.ok, i wasn't trying to say that what you did was useless or something. i wanted to clarify things. for my own case, i always just took the newest openssl and it always worked (it was always the most recent 0.9.7) - since march or so... it's good to know exactly, so thanks for the clarification.
Sure thing. I didn't mean to sound defensive.
In any event, the configure routines should indicate which version is needed, and if it is not found, that should be reported as well. Otherwise, wrt to this module anyway, what's the point?the point is not what they should do. i asked if they did because i tend to think that they don't.
You're correct. They don't. :-(
Sorry I wasn't more clear. We were talking about somebody else, but I did try it out to verify it while I was building a new machine to run FreeRADIUS. I used FreeRADIUS 0.7.1 and OpenSSL 0.9.6b and I didn't notice any complaints and the module did build.What I didn't figure out, is why, even if configure succeeds, make did not fail when it tried to compile code referencing functions that did not exists in any of the include files?did you try it out personally? i somehow understood that Alan and you were talking about somebody else's tries. in that case, as i tried to explain, he could have been using a module which was not compiled with the server but before, in some earlier compilation.
I think that I recall having to add the -lcrypto in the past after I ran ./configure, but it appeared to be there in the 0.7.1 release already. (I'm not able to access that machine right now to verify.)in my case, configure NEVER succeds simply because you need a -lcrypto after the -lssl in the makefile (took some time to find this one out)... i.e. the rlm_eap_tls is never compiled if i only do "./configure"... i should try the 0.8 release, perhaps monday, i'm not in the office right now.
I'm not much of an expert when it comes to OpenSSL, but I do understand that some people would be hesitant to run a beta or earlier release of something so integral to their security. While I don't really mind running to versions - one for most things and one for the rlm_eap_tls module - it would be nice to have only one version for everything to use. I was just trying to figure out what version that may be and what the drawbacks to running that particular version of OpenSSL may be.
Sorry for any confusion.
Aron
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
