These options are lefotvers from before the OpenSSL3 support backport.
They do not harm FreeRADIUS functioning but print warnings on server
startup.
Resolves: RHEL-30830
Signed-off-by: Antonio Torres <antorres@redhat.com>
A crash would occur when verifying a client certificate when a
certificate chain with two or more intermediate certificates is used.
Resolves: #2183447
Signed-off-by: Antonio Torres <antorres@redhat.com>
Fix 'warning[-Wmaybe-uninitialized]: 'eapsim_attribute' may be used
uninitialized in this function' by reading directly the attribute list
instead of the unitialized variable.
Resolves: #2151705
Signed-off-by: Antonio Torres <antorres@redhat.com>
Some subpackages have been added to CRB repository, we need to rebuild
so that these are added to nightly.
Resolves: #2126380
Signed-off-by: Antonio Torres <antorres@redhat.com>
We need this flag added to CFLAGS in order for FreeRADIUS to run under a
system in FIPS mode.
Resolves: 2083699
Signed-off-by: Antonio Torres <antorres@redhat.com>
This updates the OpenSSL 3.0 backport patch to current 3.0.x branch
state, which includes fixes for accessing MD4 and MD5 algorithms when
the system is in FIPS mode.
Resolves: #2083699
Signed-off-by: Antonio Torres <antorres@redhat.com>
We need openssl-perl in order to have 'make verify' working correctly on
the certs directory.
Resolves: #2078816
Signed-off-by: Antonio Torres <antorres@redhat.com>
While certificates have correct permissions set if generated through
bootstrap script, they don't if they are generated using "make"
directly. With this change certificate permissions are set to 640 and
ownership to root:radiusd.
Resolves: #2069224
Signed-off-by: Antonio Torres <antorres@redhat.com>
Commit cb13e66776 added this change to
certificate Makefile, change it on base script as well for consistency.
Resolves: #2069224
Signed-off-by: Antonio Torres <antorres@redhat.com>
Bootstrap script would fail to generate certificates if run on systems
with FIPS enabled. By passing the -noenc option, we can skip the usage
of unsupported algorithms on these systems.
Related: rhbz#2069224
Signed-off-by: Antonio Torres <antorres@redhat.com>
Using an infinite timeout will make libldap use blocking thread for
establishing the TLS connection both when using StartTTLS and when using
LDAPS. This leaves the LDAP_OPT_NETWORK_TIMEOUT to its
default (-1) when using TLS connection.
Related: rhbz#1992551
Signed-off-by: Antonio Torres <antorres@redhat.com>
LDAP library returns a partially open handle for connection. Retrying
connection on module instantiation helps to succesfully connect
using this partially open handle.
Resolves: #1992551
Bump release number to account for latest changes in test script from
commit c1e0756a09.
Related: rhbz#1990392
Signed-off-by: Antonio Torres <antorres@redhat.com>
Usage of the inet_addr function triggers the badfuncs check in
rpminspect. Since this is already fixed upstream, it is safe for us to
ignore this error.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1986972
Signed-off-by: Antonio Torres <antorres@redhat.com>
RPATH usage is not allowed by rpminspect, so workaround it by removing
the rpath usage and adding the config file for ld.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1986968
Signed-off-by: Antonio Torres <antorres@redhat.com>
Fix resource hard limit being set to zero, since it made it impossible
to reset the limit to a higher value.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1977722
Signed-off-by: Antonio Torres <antorres@redhat.com>