From 86b7a9ed542ecd1d3d6d030a080af20d8c6d1dcd Mon Sep 17 00:00:00 2001 From: Leonardo Arena Date: Fri, 16 Oct 2015 14:12:31 +0000 Subject: main/freeradius: fix EAP-TLS with OpenSSL 1.0.2 http://lists.freeradius.org/pipermail/freeradius-users/2015-October/080276.html --- main/freeradius/APKBUILD | 12 ++++--- ...ignore-callbacks-for-pseudo-content-types.patch | 42 ++++++++++++++++++++++ 2 files changed, 50 insertions(+), 4 deletions(-) create mode 100644 main/freeradius/freeradius-310-ignore-callbacks-for-pseudo-content-types.patch (limited to 'main/freeradius') diff --git a/main/freeradius/APKBUILD b/main/freeradius/APKBUILD index aa81554ba0..52adc2782b 100644 --- a/main/freeradius/APKBUILD +++ b/main/freeradius/APKBUILD @@ -5,7 +5,7 @@ pkgname=freeradius _realname=freeradius pkgver=3.0.10 -pkgrel=0 +pkgrel=1 pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server" url="http://freeradius.org/" arch="all" @@ -32,6 +32,7 @@ source="ftp://ftp.freeradius.org/pub/freeradius/$_realname-server-$pkgver.tar.gz disable-cert-generation.patch freeradius-305-default-config.patch fix-scopeid.patch + freeradius-310-ignore-callbacks-for-pseudo-content-types.patch " _builddir="$srcdir"/$_realname-server-$pkgver @@ -298,18 +299,21 @@ e27f11a11fa167b5185d3e11de79d3bc freeradius.initd d86558365a1deea4914ed139797805b0 musl-fix-headers.patch ecd9ecfba4cf86a203de6faf8398c44a disable-cert-generation.patch f8a7b00835f2108acc06af212cede16e freeradius-305-default-config.patch -5171fca6629baeb274a9b17e02683163 fix-scopeid.patch" +5171fca6629baeb274a9b17e02683163 fix-scopeid.patch +33381b3a80d2e091a0f0250edb66223e freeradius-310-ignore-callbacks-for-pseudo-content-types.patch" sha256sums="e8825518bde1d9787f7f9ea1e9fec7ae5282af9c3362d2fa360f60c4db6f77ec freeradius-server-3.0.10.tar.gz 2d5b3e1af1299373182f2c8021bdf45c29db5d82b0a077b965a16ded32cb6292 freeradius.confd a5208f13420c28446b85dfc48cb9193a4651c994d15cc2c9b0bc43734c66e8f0 freeradius.initd 872aaebf86a663f819460d98924a9dc1f3e428facac6930dc98d1e442df1633f musl-fix-headers.patch 008fa3a4da7b3c01df238bf492a8ccda4077289c02c553a60ad8f4439ec136a2 disable-cert-generation.patch 02cad546ffaf3f9be531cb45b96c7fb31f83c717e40ece4ff28a73c86f921f33 freeradius-305-default-config.patch -aad4796f06a5891b3d48d6ded926ffeb7b9fa84cc1c4a1f1be76bced02694023 fix-scopeid.patch" +aad4796f06a5891b3d48d6ded926ffeb7b9fa84cc1c4a1f1be76bced02694023 fix-scopeid.patch +c9797672a1aa5b67206239d34aea9fb0d550af892fc848515b0f48647fa033aa freeradius-310-ignore-callbacks-for-pseudo-content-types.patch" sha512sums="7546d54ca9ae1189f17fa97a8c6f6e15486d61dda8819b15f883ba48fbd6629f4728ba41490b51cb08eb1399090c16eca1b559c22ee19f3a770f1ce7ce23a8d5 freeradius-server-3.0.10.tar.gz e248159c0a44f722e405c51c8015d9ad672e42ad0d38ca28f8a051ff911aa4d3e630b9bd4543e9d610940bc4ae50c022594e219ce341b36abe85c572acad418b freeradius.confd ba3c424d4eabb147c7aa3e31575a87ddb26b6a792d2a8714e73d8763e07854326a03a83991a7420246ca06bf0b93d0a6f23ec198f5e48647f9d25b40067e852a freeradius.initd c49e5eec7497fccde5fd09dba1ea9b846e57bc88015bd81640aa531fb5c9b449f37136f42c85fe1d7940c5963aed664b85da28442b388c9fb8cc27873df03b2d musl-fix-headers.patch 09b78c6baa992f82ab81c43aad6792536a4708d460170f0a373e242a5fafe8db10662dc7fcef99a966b828ed91fa7fe38567c961c938de9a447f1ee03aebb142 disable-cert-generation.patch b69b899da6f80dbdb7422847536e37461315ba587a07fedc1eee28b96be7d16993b758ccd34e3a271ce2937d72c6ddff878aec61a3a4c0750deaaa959d10ed5e freeradius-305-default-config.patch -41d478c0e40ff82fc36232964037c1ab8ffca9fdbb7dca02ed49319906e751c133b5d7bc7773c645cec6d9d39d1de69cba25e8d59afa8d6662563dd17f35f234 fix-scopeid.patch" +41d478c0e40ff82fc36232964037c1ab8ffca9fdbb7dca02ed49319906e751c133b5d7bc7773c645cec6d9d39d1de69cba25e8d59afa8d6662563dd17f35f234 fix-scopeid.patch +35533488015d5f4b829c2a6c962a437ca50c7d86bb0d650fc621770cddb3108e92e9fe5f88b3b9d7657fcc9b91e5b00162aa125ed9a4374229b930d62cc0d847 freeradius-310-ignore-callbacks-for-pseudo-content-types.patch" diff --git a/main/freeradius/freeradius-310-ignore-callbacks-for-pseudo-content-types.patch b/main/freeradius/freeradius-310-ignore-callbacks-for-pseudo-content-types.patch new file mode 100644 index 0000000000..68beb272c5 --- /dev/null +++ b/main/freeradius/freeradius-310-ignore-callbacks-for-pseudo-content-types.patch @@ -0,0 +1,42 @@ +From b7b5493c61aeb4e5cb9ba218d8c5553f580ceee6 Mon Sep 17 00:00:00 2001 +From: Arran Cudbard-Bell +Date: Fri, 9 Oct 2015 16:32:45 -0400 +Subject: [PATCH] Ignore callbacks for pseudo content types. Fixes EAP-TTLS + MSCHAPv2 (and possibly others) with OpenSSL 1.0.2 + +--- + src/main/cb.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/src/main/cb.c b/src/main/cb.c +index 2f38f77..f6880a2 100644 +--- a/src/main/cb.c ++++ b/src/main/cb.c +@@ -83,11 +83,26 @@ void cbtls_msg(int write_p, int msg_version, int content_type, + tls_session_t *state = (tls_session_t *)arg; + + /* ++ * OpenSSL 1.0.2 calls this function with 'pseudo' ++ * content types. Which breaks our tracking of ++ * the SSL Session state. ++ */ ++ if ((msg_version == 0) && (content_type > UINT8_MAX)) { ++ DEBUG4("Ignoring cbtls_msg call with pseudo content type %i, version %i", ++ content_type, msg_version); ++ return; ++ } ++ ++ /* + * Work around bug #298, where we may be called with a NULL + * argument. We should really log a serious error + */ + if (!state) return; + ++ /* ++ * 0 - received (from peer) ++ * 1 - sending (to peer) ++ */ + state->info.origin = write_p; + state->info.content_type = content_type; + state->info.record_len = len; + -- cgit v1.2.3