radsecproxy

radsecproxy@lists.nordu.net

72 discussions

radsecproxy 1.8.0-rc1 ready to be tested
by Fabian Mauchle 21 Jun '19

21 Jun '19

Radsecproxy 1.8.0-rc1 as the final testing before the actual release has been published. Since 1.8.0-beta, explicit check of SubjectAltName:DNS and :IP has been added. Any testing is highly appreciated. Thanks and best regards, Fabian -- SWITCH Fabian Mauchle, Network Engineer Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland Phone +41 44 268 15 30, direct +41 44 268 15 39 fabian.mauchle(a)switch.ch, http://www.switch.ch

1 0

radsecproxy 1.8.0 ready to be tested
by Fabian Mauchle 31 May '19

31 May '19

radsecproxy 1.8.0-beta is ready to be tested. The main focus of this release is attribute rewrite including add attribute if not present (supplementAttribute), and automatic detection of status-server. For further details see ChangeLog and manpages. Get this beta release directly on github https://github.com/radsecproxy/radsecproxy/releases/tag/1.8.0-beta Please help test this release and report any issues you might find on github. Thanks and best regards, Fabian -- SWITCH Fabian Mauchle, Network Engineer Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland Phone +41 44 268 15 30, direct +41 44 268 15 39 fabian.mauchle(a)switch.ch, http://www.switch.ch

1 0

Error occurs if a specific openssl is specified and compiled.
by 신현오 18 Feb '19

18 Feb '19

Hello. I am trying to compile the radsecproxy using the modified openssl to use a specific cipher. However, if I set configure to look for openssl in a particular library and compile radsecproxy, it will fail with multiple errors. I want to know the cause. Am I trying it wrong? Below is the error log. gcc -DPACKAGE_NAME=\"radsecproxy\" -DPACKAGE_TARNAME=\"radsecproxy\" - DPACKAGE_VERSION=\"1.6.9\" -DPACKAGE_STRING=\"radsecproxy\ 1.6.9\" - DPACKAGE_BUGREPORT=\"radsecproxy(a)lists.nordu.net\" -DPACKAGE_URL=\"\" - DPACKAGE=\"radsecproxy\" -DVERSION=\"1.6.9\" -DHAVE_MALLOPT=1 - DUSE_OPENSSL=1 -I. -DSYSCONFDIR=\"/usr/local/etc\" -g -Wall -Werror -fno- strict-aliasing -I/usr/local/openssl-aria/include -I/usr/local/openssl- aria/include/openssl -Wall -pedantic -Wno-long-long -pthread -DRADPROT_UDP - DRADPROT_TCP -DRADPROT_TLS -DRADPROT_DTLS -g -O2 -MT dtls.o -MD -MP -MF .deps/dtls.Tpo -c -o dtls.o dtls.c dtls.c: In function ‘dtlsread’: dtls.c:175:15: error: dereferencing pointer to incomplete type BIO_free(ssl->rbio); ^ dtls.c:176:6: error: dereferencing pointer to incomplete type ssl->rbio = rbio; ^ dtls.c: In function ‘dtlsacccon’: dtls.c:217:25: error: dereferencing pointer to incomplete type BIO_free(ssl->rbio); ^ dtls.c:218:16: error: dereferencing pointer to incomplete type ssl->rbio = getrbio(ssl, rbios, 5); ^ dtls.c:219:21: error: dereferencing pointer to incomplete type if (!ssl->rbio) ^ dtls.c: In function ‘dtlsserverwr’: dtls.c:292:3: error: ‘ERR_remove_state’ is deprecated (declared at /usr/local/openssl-aria/include/openssl/err.h:260) [-Werror=deprecated- declarations] ERR_remove_state(0); ^ dtls.c: In function ‘dtlsservernew’: dtls.c:414:5: error: ‘ERR_remove_state’ is deprecated (declared at /usr/local/openssl-aria/include/openssl/err.h:260) [-Werror=deprecated- declarations] ERR_remove_state(0); ^ dtls.c: In function ‘dtlsclientrd’: dtls.c:671:5: error: ‘ERR_remove_state’ is deprecated (declared at /usr/local/openssl-aria/include/openssl/err.h:260) [-Werror=deprecated- declarations] ERR_remove_state(0); ^ cc1: all warnings being treated as errors Below is the modified Makefile source. Please look at the check_ssl_dir 4047 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL" >&5 4048 $as_echo_n "checking for OpenSSL... " >&6; } 4049 SSL_DIR= 4050 found_ssl="no" 4051 4052 # Check whether --with-ssl was given. 4053 if test "${with_ssl+set}" = set; then : 4054 withval=$with_ssl; check_ssl_dir="/usr/local/openssl-aria" 4055 else 4056 check_ssl_dir="/usr/local/openssl-aria" 4057 fi 4058 4059 for dir in $check_ssl_dir ; do 4060 ssldir="$dir" 4061 if test -f "$dir/include/openssl/ssl.h"; then 4062 found_ssl="yes"; 4063 SSL_DIR="${ssldir}" 4064 SSL_CFLAGS="-I$ssldir/include -I$ssldir/include/openssl"; 4065 break; 4066 fi 4067 if test -f "$dir/include/ssl.h"; then 4068 found_ssl="yes"; 4069 SSL_DIR="${ssldir}" 4070 SSL_CFLAGS="-I$ssldir/include/"; 4071 break 4072 fi 4073 done ##################################################### (주)누리텔레콤 신현오 사원 / 전력IoT개발팀 Mobile: 010-4796-2043 Office: 02-781-0755 Address : 전라남도 나주시 우정로 56 (토담리치타워 A동 501호) #####################################################

2 1

Is the radsecproxy cipher setting impossible?
by 신현오 23 Jan '19

23 Jan '19

Is the radsecproxy cipher setting impossible? Hello, I am developing a security server using Radsecproxy. I want to ask you because there is no option to designate a cipher in the radsecproxy.conf. What should I do? ##################################################### (주)누리텔레콤 신현오 사원 / 전력IoT개발팀 Mobile: 010-4796-2043 Office: 02-781-0755 Address : 전라남도 나주시 우정로 56 (토담리치타워 A동 501호) #####################################################

2 1

Performance testing for RADSEC
by Gopa Kumar 07 Sep '18

07 Sep '18

Hello all, We have implemented RADSECPROXY for one of our customers as proof of concept. At feature level everything is looking fine. But currently we are seeing several issues on scaling. Do you have any tools that can be recommended for scale/performance testing of RADSEC. Thanks Gopa

3 2

radsecproxy-1.7.2 released
by Fabian Mauchle 04 Sep '18

04 Sep '18

Dear radsecproxy community, After no major issues have been reported on the release candidate, I'm happy to announce that radsecproxy-1.7.2 is now available. Get it on https://radsecproxy.github.io There have been no changes since the release candidate, other than documentation. This is a maintenance release that mostly fixes build issues on different platforms and a few tls related issues. Please see ChangeLog for details. Thanks to everybody who contributed to radsecproxy! Best regards, Fabian -- SWITCH Fabian Mauchle, Network Engineer Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland Phone +41 44 268 15 30, direct +41 44 268 15 39 fabian.mauchle(a)switch.ch, http://www.switch.ch

1 0

radsecproxy-1.7.2 release candidate
by Fabian Mauchle 27 Aug '18

27 Aug '18

Dear radsecproxy community, A release candidate for radsecproxy 1.7.2 is now available on github (https://github.com/radsecproxy/radsecproxy/releases) This is a maintenance release that mostly addresses build issues on different platforms and a few tls related issues. Thanks to everyone who reported and helped fix these issues. If you got the time, please test the release candidate and check if your reported issues are correctly fixed. If everything goes well, this will become the actual 1.7.2 release by end of this week. Best regards, Fabian -- SWITCH Fabian Mauchle, Network Engineer Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland Phone +41 44 268 15 30, direct +41 44 268 15 39 fabian.mauchle(a)switch.ch, http://www.switch.ch

1 0

radsecproxy 1.7.1 released
by Fabian Mauchle 05 Jul '18

05 Jul '18

Dear radsecproxy community, We are very pleased to announce the release of radsecproxy 1.7.1 The main improvements are stability, even under high load. And we now consider Dynamic Discovery to be stable. Get the release on https://radsecproxy.github.io Many thanks to everybody who helped in testing, debugging, finding and fixing issues! Best regards, Fabian -- SWITCH Fabian Mauchle, Network Engineer Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland Phone +41 44 268 15 30, direct +41 44 268 15 39 fabian.mauchle(a)switch.ch, http://www.switch.ch

1 0

Bug in certificate validation
by Wall, Stephen 27 Jun '18

27 Jun '18

subjectaltnameaddr() in tlscommon.c is passed a struct in6_addr * as a parameter. Near the end of the function, it calls memcmp() to compare that address to one found in the certificate, however, it is taking the address of the argument, meaning it's passing a struct in6_addr ** to memcmp(), which is incorrect. Fix is to remove the & from addr in the memcmp.

1 1

Re: [radsecproxy] RadSEC implementation
by paffrath 22 Jun '18

22 Jun '18

Dear Samia, since DFN (eduroam federation Germany) has already deployed a RadSec infrastructure in Germany, please contact me directly via email and let me know what you are planning exactly. On federation level I would wait for radsecproxy 1.7.1 release what will comme out soon. 1.7.1 is much more stable and dynamic server discovery is not working stable in releases <=1.6.9! On institution level running 1.6.9 is sufficient. Best regards, Ralf -- Verein zur Förderung eines Deutschen Forschungsnetzes e.V. Alexanderplatz 1, D - 10178 Berlin Tel.: 030 88 42 99 23 Fax: 030 88 42 99 70 http://www.dfn.de <http://www.dfn.de/> Vorstand: Prof. Dr. Hans-Joachim Bungartz (Vorsitzender), Dr. Ulrike Gutheil, Dr. Rainer Bockholt Geschäftsführung: Dr. Christian Grimm, Jochem Pattloch

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

radsecproxy