Compatibility issues between freeradius 2.2.8 and openssl 1.0.2g

  Ubuntu is free to create a patch themselves. For us, v2 is EOL, and has been EOL for over a year. We encourage everyone to upgrade to v3, which has all of the relevant fixes included. And, which has many more features.

  i.e. if you're going to upgrade OpenSSL to a new release, you might as well upgrade FreeRADIUS, too.

> On Aug 16, 2016, at 12:05 AM, Vasile <email address hidden> wrote:
>
> Public bug reported:
>
> When freeradius 2.2.8 is used with openssl 1.0.2g EAP-TTLS does not work with MSCHAPv2 as an inner protocol. This issue was addressed in freeradius 3.0.11. See below for previous reports:
> http://freeradius.1045715.n5.nabble.com/Warning-about-OpenSSL-1-0-2-td5737109.html
> http://lists.freeradius.org/pipermail/freeradius-users/2015-March/076365.html
> http://freeradius.org/press/index.html#3.0.11 – “Fix compatiblity issues with OpenSSL 1.0.2. Ignore calls to msg_callback with 'pseudo' content types.”
>
>
> Regards,
> Vasile
>
> ** Affects: freeradius (Ubuntu)
> Importance: Undecided
> Status: New
>
> --
> You received this bug notification because you are subscribed to
> freeradius in Ubuntu.
> https://bugs.launchpad.net/bugs/1613462
>
> Title:
> Compatibility issues between freeradius 2.2.8 and openssl 1.0.2g
>
> Status in freeradius package in Ubuntu:
> New
>
> Bug description:
> When freeradius 2.2.8 is used with openssl 1.0.2g EAP-TTLS does not work with MSCHAPv2 as an inner protocol. This issue was addressed in freeradius 3.0.11. See below for previous reports:
> http://freeradius.1045715.n5.nabble.com/Warning-about-OpenSSL-1-0-2-td5737109.html
> http://lists.freeradius.org/pipermail/freeradius-users/2015-March/076365.html
> http://freeradius.org/press/index.html#3.0.11 – “Fix compatiblity issues with OpenSSL 1.0.2. Ignore calls to msg_callback with 'pseudo' content types.”
>
>
> Regards,
> Vasile
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/freeradius/+bug/1613462/+subscriptions

There have been two commits on the freeradius-server 2.x.x sources tree, fixing this problem:

https://github.com/FreeRADIUS/freeradius-server/commit/a8d53ca3684c518216fac9d1dd3e6a9d2daf3639
and
https://github.com/FreeRADIUS/freeradius-server/commit/ffcd1143d43b43f5e28ed2fdcd8f924b79156624

I've merged them into a single patch (see attachment)

Is there any chance to put this patch into the official Ubuntu package?

The attachment "openssl-1.0.2-compat.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

Thanks a lot.

Any idea when Ubuntu will upgrade freeradius to 3.0.11 or apply mentioned patch?

FreeRADIUS 3.0 will be in ubuntu zesty/17.04. Backports for yakkety/16.10 and xenial 16.04 are here:
https://launchpad.net/~oibaf/+archive/ubuntu/test/+packages?field.name_filter=freeradius&field.status_filter=published&field.series_filter=