Commit 122df949 authored by Faidon Liambotis's avatar Faidon Liambotis

Import Upstream version 1.4.3

parent 53b6cda6
...@@ -7,6 +7,7 @@ The following people have contributed to Radsecproxy in one way or ...@@ -7,6 +7,7 @@ The following people have contributed to Radsecproxy in one way or
another: another:
Andreas Solberg Andreas Solberg
Arne Schwabe Arne Schwabe
Faidon Liambotis
Hans Zandbelt Hans Zandbelt
Kolbjørn Barmen Kolbjørn Barmen
Linus Nordberg Linus Nordberg
......
...@@ -79,5 +79,23 @@ ...@@ -79,5 +79,23 @@
Bug fixes: Bug fixes:
- A UDP fragmentation issue. - A UDP fragmentation issue.
- Build on Solaris when compiling with gcc. - Build on Solaris when compiling with gcc.
- A bug in pwdencrypt() with passwords of a leangth greater than - A bug in pwdencrypt() with passwords of a length greater than
16 octets. 16 octets.
2010-11-17 1.4.1
Bug fixes:
- OpenSSL session caching is disabled when built against OpenSSL
older than 1.0.0b to mitigate possible effects of
http://openssl.org/news/secadv_20101116.txt (RADSECPROXY-14).
- Crash bug when reading improper config file fixed.
2010-11-23 1.4.2
Bug fixes:
- Don't disable OpenSSL session caching for 0.9.8p and newer in
the 0.9.x track.
- Detect OpenSSL version at runtime rather than at compile time.
2011-07-22 1.4.3
Notes:
- The default secret for TLS and DTLS will change in a future
relase. Plaese make sure to specify a secret in both client and
server blocks to avoid surprises.
Bug fixes:
- Debug printout issue.
This is radsecproxy 1.4 from June 12 2010. This is radsecproxy 1.4.3 from 22 July 2011.
radsecproxy is a generic RADIUS proxy that supports both UDP and TLS radsecproxy is a generic RADIUS proxy that supports both UDP and TLS
(RadSec) RADIUS transports. There is also experimental support for (RadSec) RADIUS transports. There is also experimental support for
TCP and DTLS. TCP and DTLS.
It should build on most Linux and BSD platforms by simply typing It should build on most Unix and OSX platforms by simply typing
"./configure && make". It is possible to specify which RADIUS "./configure && make". It is possible to specify which RADIUS
transport the build should support. Without any special options to transport the build should support. Without any special options to
configure, all transports supported by the system will be enabled. configure, all transports supported by the system will be enabled.
...@@ -13,7 +13,9 @@ See the output from "configure --help" for how to change this. ...@@ -13,7 +13,9 @@ See the output from "configure --help" for how to change this.
Known build issues: Known build issues:
- Older BSD's (like NetBSD 4.x) need newer OpenSSL in order to support - Older BSD's (like NetBSD 4.x) need newer OpenSSL in order to support
DTLS. Workaround: ./configure --disable-dtls. DTLS. Workaround: ./configure --disable-dtls.
- FreeBSD 6.x needs newer OpenSSL to build at all.
- FreeBSD 6.x need newer OpenSSL to build at all. OpenSSL 1.0.0c from
ports is fine f.ex., configure radsecproxy with `--with-ssl=/usr/local'.
To use radsecproxy you need to create a config file which normally is To use radsecproxy you need to create a config file which normally is
called "/etc/radsecproxy.conf". You can also specify the location called "/etc/radsecproxy.conf". You can also specify the location
......
...@@ -13,8 +13,8 @@ ...@@ -13,8 +13,8 @@
m4_ifndef([AC_AUTOCONF_VERSION], m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.65],, m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.67],,
[m4_warning([this file was generated for autoconf 2.65. [m4_warning([this file was generated for autoconf 2.67.
You have another version of autoconf. It may work, but is not guaranteed to. You have another version of autoconf. It may work, but is not guaranteed to.
If you have problems, you may need to regenerate the build system entirely. If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically `autoreconf'.])]) To do so, use the procedure documented by the package, typically `autoreconf'.])])
......
#! /bin/sh #! /bin/sh
# Attempt to guess a canonical system name. # Attempt to guess a canonical system name.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
# Free Software Foundation, Inc. # Free Software Foundation, Inc.
timestamp='2009-06-10' timestamp='2009-12-30'
# This file is free software; you can redistribute it and/or modify it # This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by # under the terms of the GNU General Public License as published by
...@@ -27,16 +27,16 @@ timestamp='2009-06-10' ...@@ -27,16 +27,16 @@ timestamp='2009-06-10'
# the same distribution terms that you use for the rest of that program. # the same distribution terms that you use for the rest of that program.
# Originally written by Per Bothner <per@bothner.com>. # Originally written by Per Bothner. Please send patches (context
# Please send patches to <config-patches@gnu.org>. Submit a context # diff format) to <config-patches@gnu.org> and include a ChangeLog
# diff and a properly formatted ChangeLog entry. # entry.
# #
# This script attempts to guess a canonical system name similar to # This script attempts to guess a canonical system name similar to
# config.sub. If it succeeds, it prints the system name on stdout, and # config.sub. If it succeeds, it prints the system name on stdout, and
# exits with 0. Otherwise, it exits with 1. # exits with 0. Otherwise, it exits with 1.
# #
# The plan is that this can be called by configure scripts if you # You can get the latest version of this script from:
# don't specify an explicit build system type. # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
me=`echo "$0" | sed -e 's,.*/,,'` me=`echo "$0" | sed -e 's,.*/,,'`
...@@ -56,8 +56,9 @@ version="\ ...@@ -56,8 +56,9 @@ version="\
GNU config.guess ($timestamp) GNU config.guess ($timestamp)
Originally written by Per Bothner. Originally written by Per Bothner.
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
...@@ -333,6 +334,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in ...@@ -333,6 +334,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit ;; exit ;;
i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
echo i386-pc-auroraux${UNAME_RELEASE}
exit ;;
i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
eval $set_cc_for_build eval $set_cc_for_build
SUN_ARCH="i386" SUN_ARCH="i386"
...@@ -807,12 +811,12 @@ EOF ...@@ -807,12 +811,12 @@ EOF
i*:PW*:*) i*:PW*:*)
echo ${UNAME_MACHINE}-pc-pw32 echo ${UNAME_MACHINE}-pc-pw32
exit ;; exit ;;
*:Interix*:[3456]*) *:Interix*:*)
case ${UNAME_MACHINE} in case ${UNAME_MACHINE} in
x86) x86)
echo i586-pc-interix${UNAME_RELEASE} echo i586-pc-interix${UNAME_RELEASE}
exit ;; exit ;;
EM64T | authenticamd | genuineintel) authenticamd | genuineintel | EM64T)
echo x86_64-unknown-interix${UNAME_RELEASE} echo x86_64-unknown-interix${UNAME_RELEASE}
exit ;; exit ;;
IA64) IA64)
...@@ -854,6 +858,20 @@ EOF ...@@ -854,6 +858,20 @@ EOF
i*86:Minix:*:*) i*86:Minix:*:*)
echo ${UNAME_MACHINE}-pc-minix echo ${UNAME_MACHINE}-pc-minix
exit ;; exit ;;
alpha:Linux:*:*)
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
EV5) UNAME_MACHINE=alphaev5 ;;
EV56) UNAME_MACHINE=alphaev56 ;;
PCA56) UNAME_MACHINE=alphapca56 ;;
PCA57) UNAME_MACHINE=alphapca56 ;;
EV6) UNAME_MACHINE=alphaev6 ;;
EV67) UNAME_MACHINE=alphaev67 ;;
EV68*) UNAME_MACHINE=alphaev68 ;;
esac
objdump --private-headers /bin/sh | grep -q ld.so.1
if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
exit ;;
arm*:Linux:*:*) arm*:Linux:*:*)
eval $set_cc_for_build eval $set_cc_for_build
if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
...@@ -876,6 +894,17 @@ EOF ...@@ -876,6 +894,17 @@ EOF
frv:Linux:*:*) frv:Linux:*:*)
echo frv-unknown-linux-gnu echo frv-unknown-linux-gnu
exit ;; exit ;;
i*86:Linux:*:*)
LIBC=gnu
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#ifdef __dietlibc__
LIBC=dietlibc
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
exit ;;
ia64:Linux:*:*) ia64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu echo ${UNAME_MACHINE}-unknown-linux-gnu
exit ;; exit ;;
...@@ -901,39 +930,18 @@ EOF ...@@ -901,39 +930,18 @@ EOF
#endif #endif
#endif #endif
EOF EOF
eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
/^CPU/{
s: ::g
p
}'`"
test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
;; ;;
or32:Linux:*:*) or32:Linux:*:*)
echo or32-unknown-linux-gnu echo or32-unknown-linux-gnu
exit ;; exit ;;
ppc:Linux:*:*)
echo powerpc-unknown-linux-gnu
exit ;;
ppc64:Linux:*:*)
echo powerpc64-unknown-linux-gnu
exit ;;
alpha:Linux:*:*)
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
EV5) UNAME_MACHINE=alphaev5 ;;
EV56) UNAME_MACHINE=alphaev56 ;;
PCA56) UNAME_MACHINE=alphapca56 ;;
PCA57) UNAME_MACHINE=alphapca56 ;;
EV6) UNAME_MACHINE=alphaev6 ;;
EV67) UNAME_MACHINE=alphaev67 ;;
EV68*) UNAME_MACHINE=alphaev68 ;;
esac
objdump --private-headers /bin/sh | grep -q ld.so.1
if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
exit ;;
padre:Linux:*:*) padre:Linux:*:*)
echo sparc-unknown-linux-gnu echo sparc-unknown-linux-gnu
exit ;; exit ;;
parisc64:Linux:*:* | hppa64:Linux:*:*)
echo hppa64-unknown-linux-gnu
exit ;;
parisc:Linux:*:* | hppa:Linux:*:*) parisc:Linux:*:* | hppa:Linux:*:*)
# Look for CPU level # Look for CPU level
case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
...@@ -942,8 +950,11 @@ EOF ...@@ -942,8 +950,11 @@ EOF
*) echo hppa-unknown-linux-gnu ;; *) echo hppa-unknown-linux-gnu ;;
esac esac
exit ;; exit ;;
parisc64:Linux:*:* | hppa64:Linux:*:*) ppc64:Linux:*:*)
echo hppa64-unknown-linux-gnu echo powerpc64-unknown-linux-gnu
exit ;;
ppc:Linux:*:*)
echo powerpc-unknown-linux-gnu
exit ;; exit ;;
s390:Linux:*:* | s390x:Linux:*:*) s390:Linux:*:* | s390x:Linux:*:*)
echo ${UNAME_MACHINE}-ibm-linux echo ${UNAME_MACHINE}-ibm-linux
...@@ -966,58 +977,6 @@ EOF ...@@ -966,58 +977,6 @@ EOF
xtensa*:Linux:*:*) xtensa*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu echo ${UNAME_MACHINE}-unknown-linux-gnu
exit ;; exit ;;
i*86:Linux:*:*)
# The BFD linker knows what the default object file format is, so
# first see if it will tell us. cd to the root directory to prevent
# problems with other programs or directories called `ld' in the path.
# Set LC_ALL=C to ensure ld outputs messages in English.
ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
| sed -ne '/supported targets:/!d
s/[ ][ ]*/ /g
s/.*supported targets: *//
s/ .*//
p'`
case "$ld_supported_targets" in
elf32-i386)
TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
;;
esac
# Determine whether the default compiler is a.out or elf
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#include <features.h>
#ifdef __ELF__
# ifdef __GLIBC__
# if __GLIBC__ >= 2
LIBC=gnu
# else
LIBC=gnulibc1
# endif
# else
LIBC=gnulibc1
# endif
#else
#if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
LIBC=gnu
#else
LIBC=gnuaout
#endif
#endif
#ifdef __dietlibc__
LIBC=dietlibc
#endif
EOF
eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n '
/^LIBC/{
s: ::g
p
}'`"
test x"${LIBC}" != x && {
echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
exit
}
test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
;;
i*86:DYNIX/ptx:4*:*) i*86:DYNIX/ptx:4*:*)
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
# earlier versions are messed up and put the nodename in both # earlier versions are messed up and put the nodename in both
...@@ -1247,6 +1206,16 @@ EOF ...@@ -1247,6 +1206,16 @@ EOF
*:Darwin:*:*) *:Darwin:*:*)
UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
case $UNAME_PROCESSOR in case $UNAME_PROCESSOR in
i386)
eval $set_cc_for_build
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
then
UNAME_PROCESSOR="x86_64"
fi
fi ;;
unknown) UNAME_PROCESSOR=powerpc ;; unknown) UNAME_PROCESSOR=powerpc ;;
esac esac
echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
......
#! /bin/sh #! /bin/sh
# Configuration validation subroutine script. # Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
# Free Software Foundation, Inc. # Free Software Foundation, Inc.
timestamp='2009-06-11' timestamp='2010-01-22'
# This file is (in principle) common to ALL GNU software. # This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software # The presence of a machine in this file suggests that SOME GNU software
...@@ -32,13 +32,16 @@ timestamp='2009-06-11' ...@@ -32,13 +32,16 @@ timestamp='2009-06-11'
# Please send patches to <config-patches@gnu.org>. Submit a context # Please send patches to <config-patches@gnu.org>. Submit a context
# diff and a properly formatted ChangeLog entry. # diff and a properly formatted GNU ChangeLog entry.
# #
# Configuration subroutine to validate and canonicalize a configuration type. # Configuration subroutine to validate and canonicalize a configuration type.
# Supply the specified configuration type as an argument. # Supply the specified configuration type as an argument.
# If it is invalid, we print an error message on stderr and exit with code 1. # If it is invalid, we print an error message on stderr and exit with code 1.
# Otherwise, we print the canonical config type on stdout and succeed. # Otherwise, we print the canonical config type on stdout and succeed.
# You can get the latest version of this script from:
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
# This file is supposed to be the same for all GNU packages # This file is supposed to be the same for all GNU packages
# and recognize all the CPU types, system types and aliases # and recognize all the CPU types, system types and aliases
# that are meaningful with *any* GNU software. # that are meaningful with *any* GNU software.
...@@ -72,8 +75,9 @@ Report bugs and patches to <config-patches@gnu.org>." ...@@ -72,8 +75,9 @@ Report bugs and patches to <config-patches@gnu.org>."
version="\ version="\
GNU config.sub ($timestamp) GNU config.sub ($timestamp)
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
...@@ -149,7 +153,7 @@ case $os in ...@@ -149,7 +153,7 @@ case $os in
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
-apple | -axis | -knuth | -cray) -apple | -axis | -knuth | -cray | -microblaze)
os= os=
basic_machine=$1 basic_machine=$1
;; ;;
...@@ -284,6 +288,7 @@ case $basic_machine in ...@@ -284,6 +288,7 @@ case $basic_machine in
| pdp10 | pdp11 | pj | pjl \ | pdp10 | pdp11 | pj | pjl \
| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
| pyramid \ | pyramid \
| rx \
| score \ | score \
| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \ | sh64 | sh64le \
...@@ -291,13 +296,14 @@ case $basic_machine in ...@@ -291,13 +296,14 @@ case $basic_machine in
| sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \
| spu | strongarm \ | spu | strongarm \
| tahoe | thumb | tic4x | tic80 | tron \ | tahoe | thumb | tic4x | tic80 | tron \
| ubicom32 \
| v850 | v850e \ | v850 | v850e \
| we32k \ | we32k \
| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
| z8k | z80) | z8k | z80)
basic_machine=$basic_machine-unknown basic_machine=$basic_machine-unknown
;; ;;
m6811 | m68hc11 | m6812 | m68hc12) m6811 | m68hc11 | m6812 | m68hc12 | picochip)
# Motorola 68HC11/12. # Motorola 68HC11/12.
basic_machine=$basic_machine-unknown basic_machine=$basic_machine-unknown
os=-none os=-none
...@@ -340,7 +346,7 @@ case $basic_machine in ...@@ -340,7 +346,7 @@ case $basic_machine in
| lm32-* \ | lm32-* \
| m32c-* | m32r-* | m32rle-* \ | m32c-* | m32r-* | m32rle-* \
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
| m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
| mips16-* \ | mips16-* \
| mips64-* | mips64el-* \ | mips64-* | mips64el-* \
...@@ -368,15 +374,17 @@ case $basic_machine in ...@@ -368,15 +374,17 @@ case $basic_machine in
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
| pyramid-* \ | pyramid-* \
| romp-* | rs6000-* \ | romp-* | rs6000-* | rx-* \
| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
| sparclite-* \ | sparclite-* \
| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
| tahoe-* | thumb-* \ | tahoe-* | thumb-* \
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
| tile-* | tilegx-* \
| tron-* \ | tron-* \
| ubicom32-* \
| v850-* | v850e-* | vax-* \ | v850-* | v850e-* | vax-* \
| we32k-* \ | we32k-* \
| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
...@@ -726,6 +734,9 @@ case $basic_machine in ...@@ -726,6 +734,9 @@ case $basic_machine in
basic_machine=ns32k-utek basic_machine=ns32k-utek
os=-sysv os=-sysv
;; ;;
microblaze)
basic_machine=microblaze-xilinx
;;
mingw32) mingw32)
basic_machine=i386-pc basic_machine=i386-pc
os=-mingw32 os=-mingw32
...@@ -1076,6 +1087,11 @@ case $basic_machine in ...@@ -1076,6 +1087,11 @@ case $basic_machine in
basic_machine=tic6x-unknown basic_machine=tic6x-unknown
os=-coff os=-coff
;; ;;
# This must be matched before tile*.
tilegx*)
basic_machine=tilegx-unknown
os=-linux-gnu
;;
tile*) tile*)
basic_machine=tile-unknown basic_machine=tile-unknown
os=-linux-gnu os=-linux-gnu
...@@ -1247,6 +1263,9 @@ case $os in ...@@ -1247,6 +1263,9 @@ case $os in
# First match some system type aliases # First match some system type aliases
# that might get confused with valid system types. # that might get confused with valid system types.
# -solaris* is a basic system type, with this one exception. # -solaris* is a basic system type, with this one exception.
-auroraux)
os=-auroraux
;;
-solaris1 | -solaris1.*) -solaris1 | -solaris1.*)
os=`echo $os | sed -e 's|solaris1|sunos4|'` os=`echo $os | sed -e 's|solaris1|sunos4|'`
;; ;;
...@@ -1268,8 +1287,8 @@ case $os in ...@@ -1268,8 +1287,8 @@ case $os in
# -sysv* is not here because it comes later, after sysvr4. # -sysv* is not here because it comes later, after sysvr4.
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
| -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
| -kopensolaris* \ | -sym* | -kopensolaris* \
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
| -aos* | -aros* \ | -aos* | -aros* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
...@@ -1290,7 +1309,7 @@ case $os in ...@@ -1290,7 +1309,7 @@ case $os in
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
| -skyos* | -haiku* | -rdos* | -toppers* | -drops*) | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*)
# Remember, each alternative MUST END IN *, to match a version number. # Remember, each alternative MUST END IN *, to match a version number.
;; ;;
-qnx*) -qnx*)
...@@ -1423,6 +1442,8 @@ case $os in ...@@ -1423,6 +1442,8 @@ case $os in
-dicos*) -dicos*)
os=-dicos os=-dicos
;; ;;
-nacl*)
;;
-none) -none)
;; ;;
*) *)
......
This diff is collapsed.
AC_INIT(radsecproxy, 1.4, radsecproxy@uninett.no) AC_INIT(radsecproxy, 1.4.3, radsecproxy@uninett.no)
AC_CANONICAL_TARGET AC_CANONICAL_TARGET
AM_INIT_AUTOMAKE AM_INIT_AUTOMAKE
AC_PROG_CC AC_PROG_CC
......
...@@ -2417,10 +2417,12 @@ struct modattr *extractmodattr(char *nameval) { ...@@ -2417,10 +2417,12 @@ struct modattr *extractmodattr(char *nameval) {
struct rewrite *getrewrite(char *alt1, char *alt2) { struct rewrite *getrewrite(char *alt1, char *alt2) {
struct rewrite *r; struct rewrite *r;
if ((r = hash_read(rewriteconfs, alt1, strlen(alt1)))) if (alt1)
return r; if ((r = hash_read(rewriteconfs, alt1, strlen(alt1))))
if ((r = hash_read(rewriteconfs, alt2, strlen(alt2)))) return r;
return r; if (alt2)
if ((r = hash_read(rewriteconfs, alt2, strlen(alt2))))
return r;
return NULL; return NULL;
} }
...@@ -2787,7 +2789,7 @@ int compileserverconfig(struct clsrvconf *conf, const char *block) { ...@@ -2787,7 +2789,7 @@ int compileserverconfig(struct clsrvconf *conf, const char *block) {
conf->rewriteout = getrewrite(conf->confrewriteout, NULL); conf->rewriteout = getrewrite(conf->confrewriteout, NULL);
if (!addhostport(&conf->hostports, conf->hostsrc, conf->portsrc, 0)) { if (!addhostport(&conf->hostports, conf->hostsrc, conf->portsrc, 0)) {
debug(DBG_ERR, "error in block %s, failed to parse %s", block, conf->hostsrc); debug(DBG_ERR, "error in block %s, failed to parse %s", block, *conf->hostsrc);
return 0; return 0;
} }
......
This diff is collapsed.
...@@ -360,7 +360,10 @@ We already discussed the ...@@ -360,7 +360,10 @@ We already discussed the
one of <literal>udp</literal>, <literal>tcp</literal>, <literal>tls</literal> one of <literal>udp</literal>, <literal>tcp</literal>, <literal>tls</literal>
or <literal>dtls</literal>. The value of <literal>secret</literal> is the or <literal>dtls</literal>. The value of <literal>secret</literal> is the
shared RADIUS key used with this client. If the secret contains whitespace, shared RADIUS key used with this client. If the secret contains whitespace,
the value must be quoted. This option is optional for TLS/DTLS. the value must be quoted. A secret must be supplied for UDP/TCP. If
no secret is supplied for TLS/DTLS, a default value of "mysecret" is
being used. This value will change in a future release to match the
upcoming standard.
</para> </para>
<para> <para>
For a TLS/DTLS client you may also specify the <literal>tls</literal> option. For a TLS/DTLS client you may also specify the <literal>tls</literal> option.
......
...@@ -203,6 +203,7 @@ static int tlsaddcacrl(SSL_CTX *ctx, struct tls *conf) { ...@@ -203,6 +203,7 @@ static int tlsaddcacrl(SSL_CTX *ctx, struct tls *conf) {
static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) { static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) {
SSL_CTX *ctx = NULL; SSL_CTX *ctx = NULL;
unsigned long error; unsigned long error;
long sslversion = SSLeay();
switch (type) { switch (type) {
#ifdef RADPROT_TLS #ifdef RADPROT_TLS
...@@ -228,6 +229,15 @@ static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) { ...@@ -228,6 +229,15 @@ static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) {
return NULL; return NULL;
} }
if (sslversion < 0x00908100L ||
(sslversion >= 0x10000000L && sslversion < 0x10000020L)) {
debug(DBG_WARN, "%s: %s seems to be of a version with a "
"certain security critical bug (fixed in OpenSSL 0.9.8p and "
"1.0.0b). Disabling OpenSSL session caching for context %p.",
__func__, SSLeay_version(SSLEAY_VERSION), ctx);
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
}
if (conf->certkeypwd) { if (conf->certkeypwd) {
SSL_CTX_set_default_passwd_cb_userdata(ctx, conf->certkeypwd); SSL_CTX_set_default_passwd_cb_userdata(ctx, conf->certkeypwd);
SSL_CTX_set_default_passwd_cb(ctx, pem_passwd_cb); SSL_CTX_set_default_passwd_cb(ctx, pem_passwd_cb);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment