| Age | Commit message (Collapse) | Author |
|---|
|
Fixes:
# cd /etc/raddb/certs
# ./bootstrap
[snip]
chmod g+r ca.key
openssl pkcs12 -in server.p12 -out server.pem -passin pass:'whatever' -passout pass:'whatever'
chmod g+r server.pem
C = FR, ST = Radius, O = Example Inc., CN = Example Server Certificate, emailAddress = admin@example.org
error 7 at 0 depth lookup: certificate signature failure
140066667427072:error:04067084:rsa routines:rsa_ossl_public_decrypt:data too large for modulus:../openssl-1.1.1g/crypto/rsa/rsa_ossl.c:553:
140066667427072:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:../openssl-1.1.1g/crypto/asn1/a_verify.c:170:
error server.pem: verification failed
make: *** [Makefile:107: server.vrfy] Error 2
It seems the ca.pem mismatchs server.pem which results in failing to
execute "openssl verify -CAfile ca.pem server.pem", so add the logic
to check the file to avoid inconsistency.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fixes the occasional error:
# cd /etc/raddb/certs
# ./bootstrap
[snip]
openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key 'whatever' -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
Using configuration from ./client.cnf
Check that the request matches the signature
Signature ok
ERROR:There is already a certificate for /C=FR/ST=Radius/O=Example Inc./CN=user@example.org/emailAddress=user@example.org
The matching entry has the following details
Type :Valid
Expires on :200908024833Z
Serial Number :02
File name :unknown
Subject Name :/C=FR/ST=Radius/O=Example Inc./CN=user@example.org/emailAddress=user@example.org
make: *** [Makefile:128: client.crt] Error 1
Add the check to fix the above error and it does the same for server.crt.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
fix error:
Fetcher failure: Repository
git://github.com/FreeRADIUS/freeradius-server.git has LFS content,
install git-lfs on host to download (or set lfs=0 to ignore it)
upstream has file .lfsconfig to make it not download lfs files by
default, so we also don't download it by default
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
* Drop backported patch:
0001-su-to-radiusd-user-group-when-rotating-logs.patch
* Disable python2 module build and add PACKAGECONFIG for python3 module
build
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
This change makes the parsing go though, we still might have build
issues, which will be reported in world builds seprately
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fixed make clean error:
NOTE: make clean
Makefile:36: *** Missing 'Make.inc' Run './configure [options]' and retry. Stop.
ERROR: oe_runmake failed
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
radiusd.service references a legacy path for its PIDFile, which
results in a warning at boot:
systemd[1]: /lib/systemd/system/radiusd.service:7: PIDFile= references a path
below legacy directory /var/run/, updating /var/run/radiusd/radiusd.pid →
/run/radiusd/radiusd.pid; please update the unit file accordingly.
Modify the recipe's radiusd.service file to use the correct path.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2019-10143
Patch from:
https://github.com/FreeRADIUS/freeradius-server/commit/1f233773962bf1a9c2d228a180eacddb9db2d574
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
freeradius fails to build for armv5:
| *** Warning: Linking the executable build/bin/local/radeapclient against the loadable module
| *** libfreeradius-server.so is not portable!
|
| *** Warning: Linking the executable build/bin/local/radeapclient against the loadable module
| *** libfreeradius-eap.so is not portable!
path -Wl,/yow-lpggp31/tgamblin/freeradius.build/tmp-glibc/work/armv5e-oe-linux-gnueabi/freeradius/3.0.19-r0/git/build/lib/local//.libs
/arm-oe-linux-gnueabi/9.2.0/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `__atomic_compare_exchange_8'
/arm-oe-linux-gnueabi/9.2.0/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `__atomic_load_8'
/arm-oe-linux-gnueabi/9.2.0/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `__atomic_store_8'
| collect2: error: ld returned 1 exit status
| scripts/boiler.mk:630: recipe for target 'build/bin/local/radeapclient' failed
Explicitly link libatomic to fix the issue.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
* fixes:
ERROR: QA Issue: /usr/bin/radcrypt contained in package freeradius-utils requires /usr/bin/perl, but no providers found in RDEPENDS_freeradius-utils? [file-rdeps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Update radiusd.service that not run script /etc/raddb/certs/bootstrap
before start radiusd. The script makes a set of default certificates. It
should be only used for test purpose.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
during radiusd start up, it will check several CVEs of libssl,
if allow_vulnerable_openssl set to no and one of the CVEs is
matched, radiusd will not startup.
in tls.c, two CVEs's version number is wrong, and after upgrade openssl
to 1.1.1, one CVE matched, so startup failed. correct the version numner
to make radiusd startup successfully.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
* Upgrade to 3.0.15 to fix many CVE issues.
* There is a defect for disabling dhcp feature:
https://github.com/FreeRADIUS/freeradius-server/issues/2039
We don't need the dhcp feature but it's harmless
to enable it, so enable it as the default.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Fix a cross compile issue where it was looking for samba headers
in build host.
in src/modules/rlm_mschap/config.log
Fix
cc1: warning: include location "/usr/include/samba-4.0/" is unsafe for cross-compilation [-Wpoison-system-directories]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
FreeRADIUS is an Internet authentication daemon,
which implements the RADIUS protocol, as defined
in RFC 2865 (and others).
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
Mingli Yu
Changqing Li
Yi Zhao
Khem Raj
Trevor Gamblin
Martin Jansa
Jackie Huang