On Sat, 17 May 2014 02:09:07 +0200, "Dr. Peter Voigt" <pvo...@uos.de> wrote:
> I have just noticed that my freeradius2 2.2.5 server refuses to start
> with the following message:
>
> radiusd: Refusing to start with libssl version OpenSSL 1.0.1e-freebsd
> 11 Feb 2013 (in range 1.0.1 - 1.0.1f). Security advisory CVE-2014-0160
> (Heartbleed)
> radiusd: For more information see http://heartbleed.com
>
> My freeradius2 package is built against the openssl version of the
> base system:
>
> # openssl version
> OpenSSL 1.0.1e-freebsd 11 Feb 2013
>
> The base openssl version did not change after applying the various
> security patches, where "FreeBSD Security Advisory
> FreeBSD-SA-14:06.openssl" in particular solved the heartbleed issue:
>
> # uname -r
> 10.0-RELEASE-p3
>
> So how can I tell freeradius2 that it is built against a heartbleed
> safe, e.g. patched, openssl version in spite of the low version
> number?
>
> Regards,
> Peter

Well, I just found the solution after studying the freeradius changelog:

FreeRADIUS 2.2.5 Monday 28 Apr 2014 15:20:00 EDT, urgency=medium
...
* Forbid running with vulnerable versions of OpenSSL.
  See "allow_vulnerable_openssl" in the "security" subsection of "radiusd.conf"
...

My radius server is now starting again.

Sorry for the noise but I used portmaster to upgrade from version 2.2.4
and this usually deletes the sources including the changelog. And my
radiusd.conf remained untouched with no hint to the new available
switch.

Regards,
Peter
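
Added example, not part of the original thread and not FreeRADIUS code: a shell sketch of a banner-based range check like the one the radiusd message describes, showing why a base-system build with a backported fix still lands in the 1.0.1 - 1.0.1f range. The function names and output strings are assumptions made for illustration.

```shell
#!/bin/sh
# Classify an `openssl version` banner against the range quoted in the
# radiusd message (1.0.1 - 1.0.1f). Illustrative only; this is not how
# FreeRADIUS itself implements the check.

# Print the bare version token, e.g. "1.0.1e-freebsd".
openssl_token() {
    # Banner layout: "OpenSSL <version> <build date...>"
    set -- $1
    printf '%s\n' "$2"
}

classify_openssl() {
    token=$(openssl_token "$1")
    base=${token%%-*}              # "1.0.1e-freebsd" -> "1.0.1e"
    case "$token" in
        *-*) suffix=${token#*-} ;; # "freebsd"
        *)   suffix= ;;
    esac
    case "$base" in
        1.0.1|1.0.1[a-f])
            if [ -n "$suffix" ]; then
                # Suffixed builds may carry backported fixes without a
                # version bump, so the banner alone cannot settle it.
                echo "in-range, suffixed build ($suffix): verify OS patch level"
            else
                echo "in-range, upstream build: treat as affected"
            fi ;;
        *)
            echo "outside 1.0.1 - 1.0.1f" ;;
    esac
}

# Banner taken from the post above.
classify_openssl "OpenSSL 1.0.1e-freebsd 11 Feb 2013"
```

For a suffixed build, the check that matters is the OS patch level (here `uname -r` against the FreeBSD-SA-14:06.openssl advisory) before enabling "allow_vulnerable_openssl".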