/freeradius-server

New issue

3.0.12 build failure in rlm_eap_fast under FreeBSD 9.3 #1803

Closed
zi0r opened this Issue Oct 22, 2016 · 6 comments

Comments

Assignees

@jimdigriz jimdigriz

Labels
defect v3.0.x v4.0.x
Projects
None yet
Milestone
No milestone
5 participants
@zi0r @alandekok @Zenitur @jimdigriz @arr2036
@zi0r

zi0r commented Oct 22, 2016 edited

Build failure in rlm_eap_fast under FreeBSD 9.3 (which has openssl 0.9.8).

  • Defect - Build failure

How to reproduce issue

Attempt to build freeradius 3.0.12 under FreeBSD 9.3.

...
CC src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c
CC src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
In file included from src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c:28:
src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.h:134: error: 'EVP_GCM_TLS_TAG_LEN' undeclared here (not in a function)
src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c: In function '_session_ticket':
src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c:356: warning: implicit declaration of function 'SSL_set_session_secret_cb'
src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c: In function 'mod_session_init':
src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c:563: warning: implicit declaration of function 'SSL_set_session_ticket_ext_cb'
gmake: *** [scripts/boiler.mk:635: build/objs/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.lo] Error 1
gmake: *** Waiting for unfinished jobs....
In file included from src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c:26:
src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.h:134: error: 'EVP_GCM_TLS_TAG_LEN' undeclared here (not in a function)
src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c: In function 'openssl_get_keyblock_size':
src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c:55: warning: passing argument 1 of 'EVP_MD_CTX_md' from incompatible pointer type
src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c:59: error: 'struct <anonymous>' has no member named 'new_mac_secret_size'
gmake: *** [scripts/boiler.mk:635: build/objs/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.lo] Error 1
===> Compilation failed unexpectedly.```

jimdigriz was assigned by arr2036 Oct 22, 2016

@arr2036 arr2036 added defect v3.0.x v4.0.x labels Oct 22, 2016

@alandekok alandekok added a commit that referenced this issue Oct 22, 2016

@alandekok alandekok Check for new OpenSSL. Fixes #1803 
Old versions of OpenSSL don't have the necessary functions or
macro definitions, so we don't build rlm_eap_fast for them.
This commit was signed with a verified signature.
@alandekok alandekok Alan DeKok
GPG key ID: 7D0E79CD77621ECD Learn about signing commits
c12648e
@alandekok
Owner

alandekok commented Oct 22, 2016

https://www.openssl.org/source/ says:

The 0.9.8 and 1.0.0 versions are now out of support and should not be used.

The simplest approach is to not build rlm_eap_fast if OpenSSL is too old.
@zi0r

zi0r commented Oct 22, 2016

FreeBSD backports the security patches, as do other OS'. It's likely this will surface again.

I patched the port to not build rlm_eap_fast on anything older then FreeBSD 10. This sounds like a fine solution to me.

alandekok closed this in 7233217 Oct 23, 2016

@alandekok
Owner

alandekok commented Oct 23, 2016

Port patches are fine for older versions. It may be worth adding a note that from 3.0.13 on, the port patch shouldn't be necessary.

@lytboris lytboris pushed a commit to lytboris/freeradius-server that referenced this issue Nov 8, 2016

@alandekok alandekok + Boris Lytochkin Check for new OpenSSL. Fixes #1803 
Old versions of OpenSSL don't have the necessary functions or
macro definitions, so we don't build rlm_eap_fast for them.
 a12e4f5
@Zenitur

Zenitur commented Nov 10, 2016 edited

Is any workaround for OpenSSL 0.9.8? I just trying to make a package for Long-Time Support Linux distribution. https://build.opensuse.org/package/show/home:linux4humans:sle11_software/hostapd
@alandekok
Owner

alandekok commented Nov 10, 2016

Just disable the rlm_eap_fast module.
@Zenitur

Zenitur commented Nov 10, 2016

@alandekok thank you!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment