From owner-freebsd-questions@freebsd.org Wed Jun 7 08:02:26 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 78FACBFE0AB for ; Wed, 7 Jun 2017 08:02:26 +0000 (UTC) (envelope-from Olivier.Nicole@cs.ait.ac.th) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 5BD6C6630D for ; Wed, 7 Jun 2017 08:02:26 +0000 (UTC) (envelope-from Olivier.Nicole@cs.ait.ac.th) Received: by mailman.ysv.freebsd.org (Postfix) id 5761CBFE0AA; Wed, 7 Jun 2017 08:02:26 +0000 (UTC) Delivered-To: questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 55059BFE0A9 for ; Wed, 7 Jun 2017 08:02:26 +0000 (UTC) (envelope-from Olivier.Nicole@cs.ait.ac.th) Received: from mail.cs.ait.ac.th (mail.cs.ait.ac.th [192.41.170.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id F2C526630A for ; Wed, 7 Jun 2017 08:02:25 +0000 (UTC) (envelope-from Olivier.Nicole@cs.ait.ac.th) Received: from mail.cs.ait.ac.th (localhost [127.0.0.1]) by mail.cs.ait.ac.th (Postfix) with ESMTP id 1C723D7882 for ; Wed, 7 Jun 2017 14:52:53 +0700 (ICT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.ait.ac.th; h= content-type:content-type:mime-version:message-id:date:date :subject:subject:from:from:received:received:received; s= selector1; t=1496821972; x=1498636373; bh=mFrp20Q8cC/Z9qGgk0aiby Qsar/5juxLAJfXjH3M6TU=; b=ZcQ1VDVHAB7iA5BTXXm7r1EfMEbBBggjYJu4WZ 18Gj9/7rPwu/wbKijifoR7E5Y/Vlc10p1mZftv3j/6DW25o69YoTCSKr8TYs0gu3 G7keRl7pxlznC9eHoMy9lOw76wqWRUfJnfHGmVEEUY3pXQrOyFkHlmqJ9uNOl4Yd Q4zcs= X-Virus-Scanned: amavisd-new at cs.ait.ac.th Received: from mail.cs.ait.ac.th ([127.0.0.1]) by mail.cs.ait.ac.th (mail.cs.ait.ac.th [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id mPZy8_UWawRj for ; Wed, 7 Jun 2017 14:52:52 +0700 (ICT) Received: from banyan.cs.ait.ac.th (banyan.cs.ait.ac.th [192.41.170.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.cs.ait.ac.th (Postfix) with ESMTPS id 88D95D7881 for ; Wed, 7 Jun 2017 14:52:52 +0700 (ICT) Received: (from on@localhost) by banyan.cs.ait.ac.th (8.15.2/8.15.2/Submit) id v577qqGx000241; Wed, 7 Jun 2017 14:52:52 +0700 (ICT) (envelope-from on@banyan.cs.ait.ac.th) From: Olivier To: questions@freebsd.org Subject: FreeRadius3 on FreeBSD 10.3 Date: Wed, 07 Jun 2017 14:52:52 +0700 Message-ID: MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Jun 2017 08:02:26 -0000 Hi, Anybody has succeeded to run FreeRadius3 on FreeBSD 10.3-RELEASE? It is complaining that the version of OpenSSL contains bug, but OpenSSl comes with FreeBSD system and i am prety sure I have applied all security patches (last patch regarding OpenSSL is p17, SA published in february this year). FreeBSD ldap.cs.ait.ac.th 10.3-RELEASE-p17 FreeBSD 10.3-RELEASE-p17 #5 r314483: Thu Mar 2 13:04:10 ICT 2017 root@ldap.cs.ait.ac.th:/usr/obj/usr/src/sys/GENERIC i386 freeradius3-3.0.14 compiled from the ports The error message is: Error: Refusing to start with libssl version OpenSSL 1.0.1s-freebsd 1 Mar 2016 0x1000113f (1.0.1s release) (in range 1.0.1 release - 1.0.1t rele) Error: Security advisory CVE-2016-6304 (OCSP status request extension) This error was corrected in FreeBSD-SA-16:26.openssl Obviously FreeRadius is only comparing the version number of OpenSSL and does not do a good job at checking the fact that the error has been corrected or not. So how do you run FreeRadius3 on FreeBSD 10.3-RELEASE? Thanks in advance. Olivier --