aboutsummaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-connectivity/freeradius/files
Commit message (Collapse)AuthorAgeFilesLines
* freeradius: check existence of openssl's commands in bootstrapKai Kang2021-04-211-0/+38
| | | | | | | | | | | | | It calls openssl's commands 'dhparam' and 'pkcs12' in script bootstrap. These commands are configurable based on configure options 'no-dh' and 'no-des', and may not be provided by openssl. So check existence of these commands. If not, abort running of script bootstrap. 1. https://github.com/openssl/openssl/blob/master/apps/build.info#L37 2. https://github.com/openssl/openssl/blob/master/apps/build.info#L22 Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: Upgrade to 3.0.21Mingli Yu2021-04-061-58/+0
| | | | | | | | Drop one patch at the issue is already fixed in new version (307678b268 Fix rlm_python3 build) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: fix build failure with autoconf 2.71Hongxu Jia2021-02-071-0/+42
| | | | | | | | | | | | | While using autoconf 2.71, the AM_MISSING_PROG caused unexpected error: ... configure.ac: error: required file 'missing' not found ... Since these tools were explicitly added by autotools bbclass, remove the testing to workaround the error with autoconf 2.7 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: fix the occasional verification failureMingli Yu2020-08-051-0/+135
| | | | | | | | | | | | | | | | | | | | | | | Fixes: # cd /etc/raddb/certs # ./bootstrap [snip] chmod g+r ca.key openssl pkcs12 -in server.p12 -out server.pem -passin pass:'whatever' -passout pass:'whatever' chmod g+r server.pem C = FR, ST = Radius, O = Example Inc., CN = Example Server Certificate, emailAddress = admin@example.org error 7 at 0 depth lookup: certificate signature failure 140066667427072:error:04067084:rsa routines:rsa_ossl_public_decrypt:data too large for modulus:../openssl-1.1.1g/crypto/rsa/rsa_ossl.c:553: 140066667427072:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:../openssl-1.1.1g/crypto/asn1/a_verify.c:170: error server.pem: verification failed make: *** [Makefile:107: server.vrfy] Error 2 It seems the ca.pem mismatchs server.pem which results in failing to execute "openssl verify -CAfile ca.pem server.pem", so add the logic to check the file to avoid inconsistency. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: fix the existed certificate errorMingli Yu2020-07-131-0/+55
| | | | | | | | | | | | | | | | | | | | | | | | Fixes the occasional error: # cd /etc/raddb/certs # ./bootstrap [snip] openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key 'whatever' -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf Using configuration from ./client.cnf Check that the request matches the signature Signature ok ERROR:There is already a certificate for /C=FR/ST=Radius/O=Example Inc./CN=user@example.org/emailAddress=user@example.org The matching entry has the following details Type :Valid Expires on :200908024833Z Serial Number :02 File name :unknown Subject Name :/C=FR/ST=Radius/O=Example Inc./CN=user@example.org/emailAddress=user@example.org make: *** [Makefile:128: client.crt] Error 1 Add the check to fix the above error and it does the same for server.crt. Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: upgrade 3.0.19 -> 3.0.20Yi Zhao2020-02-062-104/+58
| | | | | | | | | | | * Drop backported patch: 0001-su-to-radiusd-user-group-when-rotating-logs.patch * Disable python2 module build and add PACKAGECONFIG for python3 module build Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: fix PIDFile path in radiusd.service fileTrevor Gamblin2019-10-211-2/+2
| | | | | | | | | | | | | | radiusd.service references a legacy path for its PIDFile, which results in a warning at boot: systemd[1]: /lib/systemd/system/radiusd.service:7: PIDFile= references a path below legacy directory /var/run/, updating /var/run/radiusd/radiusd.pid → /run/radiusd/radiusd.pid; please update the unit file accordingly. Modify the recipe's radiusd.service file to use the correct path. Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: fix CVE-2019-10143Yi Zhao2019-10-161-0/+104
| | | | | | | | | | | Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-10143 Patch from: https://github.com/FreeRADIUS/freeradius-server/commit/1f233773962bf1a9c2d228a180eacddb9db2d574 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: upgrade 3.0.17 -> 3.0.19Changqing Li2019-09-024-252/+23
| | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: update radiusd.serviceChangqing Li2019-02-271-1/+0
| | | | | | | | | Update radiusd.service that not run script /etc/raddb/certs/bootstrap before start radiusd. The script makes a set of default certificates. It should be only used for test purpose. Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: fix radiusd.service startup failed problemChangqing Li2018-10-101-0/+44
| | | | | | | | | | | | | during radiusd start up, it will check several CVEs of libssl, if allow_vulnerable_openssl set to no and one of the CVEs is matched, radiusd will not startup. in tls.c, two CVEs's version number is wrong, and after upgrade openssl to 1.1.1, one CVE matched, so startup failed. correct the version numner to make radiusd startup successfully. Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: upgrade 3.0.15 -> 3.0.17Changqing Li2018-07-272-81/+37
| | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* freeradius: Upgrade to 3.0.14Khem Raj2017-06-281-0/+28
| | | | | | | | | | | | | | | Fix a cross compile issue where it was looking for samba headers in build host. in src/modules/rlm_mschap/config.log Fix cc1: warning: include location "/usr/include/samba-4.0/" is unsafe for cross-compilation [-Wpoison-system-directories] Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* freeradius: add new recipeJackie Huang2017-06-2814-0/+1091
FreeRADIUS is an Internet authentication daemon, which implements the RADIUS protocol, as defined in RFC 2865 (and others). Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>