Radsecproxy 1.8.0-rc1 as the final testing before the actual release has been published.
Since 1.8.0-beta, explicit check of SubjectAltName:DNS and :IP has been added.
Any testing is highly appreciated.
Thanks and best regards,
Fabian
--
SWITCH
Fabian Mauchle, Network Engineer
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
Phone +41 44 268 15 30, direct +41 44 268 15 39
fabian.mauchle(a)switch.ch, http://www.switch.ch
radsecproxy 1.8.0-beta is ready to be tested.
The main focus of this release is attribute rewrite including add attribute if not present (supplementAttribute), and automatic detection of status-server.
For further details see ChangeLog and manpages.
Get this beta release directly on github https://github.com/radsecproxy/radsecproxy/releases/tag/1.8.0-beta
Please help test this release and report any issues you might find on github.
Thanks and best regards,
Fabian
Hello.
I am trying to compile the radsecproxy using the modified openssl to use a
specific cipher.
However, if I set configure to look for openssl in a particular library and
compile radsecproxy, it will fail with multiple errors.
I want to know the cause. Am I trying it wrong?
Below is the error log.
gcc -DPACKAGE_NAME=\"radsecproxy\" -DPACKAGE_TARNAME=\"radsecproxy\" -DPACKAGE_VERSION=\"1.6.9\" -DPACKAGE_STRING=\"radsecproxy\ 1.6.9\" -DPACKAGE_BUGREPORT=\"radsecproxy(a)lists.nordu.net\" -DPACKAGE_URL=\"\" -DPACKAGE=\"radsecproxy\" -DVERSION=\"1.6.9\" -DHAVE_MALLOPT=1 -DUSE_OPENSSL=1 -I. -DSYSCONFDIR=\"/usr/local/etc\" -g -Wall -Werror -fno-strict-aliasing -I/usr/local/openssl-aria/include -I/usr/local/openssl-aria/include/openssl -Wall -pedantic -Wno-long-long -pthread -DRADPROT_UDP -DRADPROT_TCP -DRADPROT_TLS -DRADPROT_DTLS -g -O2 -MT dtls.o -MD -MP -MF .deps/dtls.Tpo -c -o dtls.o dtls.c
dtls.c: In function ‘dtlsread’:
dtls.c:175:15: error: dereferencing pointer to incomplete type
BIO_free(ssl->rbio);
^
dtls.c:176:6: error: dereferencing pointer to incomplete type
ssl->rbio = rbio;
^
dtls.c: In function ‘dtlsacccon’:
dtls.c:217:25: error: dereferencing pointer to incomplete type
BIO_free(ssl->rbio);
^
dtls.c:218:16: error: dereferencing pointer to incomplete type
ssl->rbio = getrbio(ssl, rbios, 5);
^
dtls.c:219:21: error: dereferencing pointer to incomplete type
if (!ssl->rbio)
^
dtls.c: In function ‘dtlsserverwr’:
dtls.c:292:3: error: ‘ERR_remove_state’ is deprecated (declared at /usr/local/openssl-aria/include/openssl/err.h:260) [-Werror=deprecated-declarations]
ERR_remove_state(0);
^
dtls.c: In function ‘dtlsservernew’:
dtls.c:414:5: error: ‘ERR_remove_state’ is deprecated (declared at /usr/local/openssl-aria/include/openssl/err.h:260) [-Werror=deprecated-declarations]
ERR_remove_state(0);
^
dtls.c: In function ‘dtlsclientrd’:
dtls.c:671:5: error: ‘ERR_remove_state’ is deprecated (declared at /usr/local/openssl-aria/include/openssl/err.h:260) [-Werror=deprecated-declarations]
ERR_remove_state(0);
^
cc1: all warnings being treated as errors
Below is the modified Makefile source. Please look at the check_ssl_dir
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL" >&5
$as_echo_n "checking for OpenSSL... " >&6; }
SSL_DIR=
found_ssl="no"

# Check whether --with-ssl was given.
if test "${with_ssl+set}" = set; then :
  withval=$with_ssl; check_ssl_dir="/usr/local/openssl-aria"
else
  check_ssl_dir="/usr/local/openssl-aria"
fi

for dir in $check_ssl_dir ; do
  ssldir="$dir"
  if test -f "$dir/include/openssl/ssl.h"; then
    found_ssl="yes";
    SSL_DIR="${ssldir}"
    SSL_CFLAGS="-I$ssldir/include -I$ssldir/include/openssl";
    break;
  fi
  if test -f "$dir/include/ssl.h"; then
    found_ssl="yes";
    SSL_DIR="${ssldir}"
    SSL_CFLAGS="-I$ssldir/include/";
    break
  fi
done
#####################################################
Nuri Telecom Co., Ltd., 신현오
Staff / Power IoT Development Team
Mobile: 010-4796-2043
Office: 02-781-0755
Address: 56 Ujeong-ro, Naju-si, Jeollanam-do (Todam Rich Tower, Building A, Room 501)
#####################################################
Is the radsecproxy cipher setting impossible?
Hello, I am developing a security server using Radsecproxy. I want to ask
you because there is no option to designate a cipher in the
radsecproxy.conf. What should I do?
Hello all,
We have implemented RADSECPROXY for one of our customers as proof of
concept. At feature level everything is looking fine.
But currently we are seeing several issues on scaling. Do you have any
tools that can be recommended for scale/performance testing of RADSEC?
Thanks
Gopa
Dear radsecproxy community,
After no major issues have been reported on the release candidate, I'm happy to announce that radsecproxy-1.7.2 is now available. Get it on https://radsecproxy.github.io
There have been no changes since the release candidate, other than documentation.
This is a maintenance release that mostly fixes build issues on different platforms and a few tls related issues.
Please see ChangeLog for details.
Thanks to everybody who contributed to radsecproxy!
Best regards,
Fabian
Dear radsecproxy community,
A release candidate for radsecproxy 1.7.2 is now available on github (https://github.com/radsecproxy/radsecproxy/releases)
This is a maintenance release that mostly addresses build issues on different platforms and a few tls related issues.
Thanks to everyone who reported and helped fix these issues.
If you got the time, please test the release candidate and check if your reported issues are correctly fixed.
If everything goes well, this will become the actual 1.7.2 release by end of this week.
Best regards,
Fabian
Dear radsecproxy community,
We are very pleased to announce the release of radsecproxy 1.7.1.
The main improvements are stability, even under high load.
And we now consider Dynamic Discovery to be stable.
Get the release on https://radsecproxy.github.io
Many thanks to everybody who helped in testing, debugging, finding and fixing issues!
Best regards,
Fabian
subjectaltnameaddr() in tlscommon.c is passed a struct in6_addr * as a parameter. Near the end of the function, it calls memcmp() to compare that address to one found in the certificate; however, it is taking the address of the argument, meaning it's passing a struct in6_addr ** to memcmp(), which is incorrect. The fix is to remove the & from addr in the memcmp.
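The pointer mistake described in the report above, shown next to the corrected comparison. This is an added example, not code from the post or from radsecproxy; struct san_ip, addr_len, san_match_fixed, san_match_buggy and check are hypothetical names, and the addresses are constructed documentation-range values.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical stand-in for one iPAddress SAN entry: raw network-order bytes. */
struct san_ip { unsigned char data[16]; size_t len; };

static size_t addr_len(int family)
{
    return family == AF_INET ? sizeof(struct in_addr) : sizeof(struct in6_addr);
}

/* Fixed form: 'addr' already points at the address bytes, so pass it as is. */
static int san_match_fixed(const struct san_ip *san, int family, const struct in6_addr *addr)
{
    return san->len == addr_len(family) && memcmp(addr, san->data, san->len) == 0;
}

/* Reported form, memcmp(&addr, ...): compares the pointer variable's own bytes.
 * The real call also reads past the pointer (undefined behaviour); copying the
 * pointer into a zeroed 16-byte buffer keeps this demonstration in bounds. */
static int san_match_buggy(const struct san_ip *san, int family, const struct in6_addr *addr)
{
    unsigned char seen[sizeof(struct in6_addr)] = {0};
    memcpy(seen, &addr, sizeof(addr));
    return san->len == addr_len(family) && memcmp(seen, san->data, san->len) == 0;
}

/* Parse a peer address and a SAN address (constructed inputs) and compare them.
 * Returns 1 on match, 0 on mismatch, -1 if either string does not parse. */
static int check(int peer_fam, const char *peer_txt, int san_fam, const char *san_txt, int buggy)
{
    struct in6_addr peer;
    struct san_ip san = { {0}, addr_len(san_fam) };
    if (inet_pton(peer_fam, peer_txt, &peer) != 1 ||
        inet_pton(san_fam, san_txt, san.data) != 1)
        return -1;
    return buggy ? san_match_buggy(&san, peer_fam, &peer)
                 : san_match_fixed(&san, peer_fam, &peer);
}

int main(void)
{
    printf("fixed=%d buggy=%d\n", check(AF_INET6, "2001:db8::1", AF_INET6, "2001:db8::1", 0),
           check(AF_INET6, "2001:db8::1", AF_INET6, "2001:db8::1", 1));
    return 0;
}
```

With the & in place, a certificate whose iPAddress entry equals the peer address is still reported as a mismatch, because the bytes compared are those of the pointer rather than the address.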
Dear Samia,
since DFN (eduroam federation Germany) has already deployed a RadSec infrastructure in Germany,
please contact me directly via email and let me know what you are planning exactly.
On federation level I would wait for the radsecproxy 1.7.1 release, which will come out soon.
1.7.1 is much more stable, and dynamic server discovery is not working stably in releases <=1.6.9!
On institution level running 1.6.9 is sufficient.
Best regards,
Ralf
--
Verein zur Förderung eines Deutschen Forschungsnetzes e.V.
Alexanderplatz 1, D - 10178 Berlin
Tel.: 030 88 42 99 23
Fax: 030 88 42 99 70
http://www.dfn.de
Executive Board: Prof. Dr. Hans-Joachim Bungartz (Chairman), Dr. Ulrike Gutheil, Dr. Rainer Bockholt
Management: Dr. Christian Grimm, Jochem Pattloch