freeradius2 2.2.5 refuses to start when built against patched base openssl 1.0.1e
Dr. Peter Voigt
pvoigt at uos.de
Sat May 17 00:10:18 UTC 2014
I have just noticed that my freeradius2 2.2.5 server refuses to start
with the following message:
radiusd: Refusing to start with libssl version OpenSSL 1.0.1e-freebsd
11 Feb 2013 (in range 1.0.1 - 1.0.1f). Security advisory CVE-2014-0160
(Heartbleed)
radiusd: For more information see http://heartbleed.com
My freeradius2 package is built against the openssl version of the base
system:
# openssl version
OpenSSL 1.0.1e-freebsd 11 Feb 2013
The base openssl version did not change after applying the various
security patches, where "FreeBSD Security Advisory
FreeBSD-SA-14:06.openssl" in particular solved the heartbleed issue:
# uname -r
10.0-RELEASE-p3
So how can I tell freeradius2 that it is built against a heardbleed
save, e.g. patched, openssl version in spite of the low version number?
Regards,
Peter
More information about the freebsd-ports
mailing list