[meta-oe] freeradius: Fix service start error

Message ID	20250922035802.3288-1-liuyd.fnst@fujitsu.com
State	Under Review
Headers	show Return-Path: <liuyd.fnst@fujitsu.com> ip: 207.54.90.47, mailfrom: liuyd.fnst@fujitsu.com) From: Liu Yiding <liuyd.fnst@fujitsu.com> To: openembedded-devel@lists.openembedded.org Subject: [oe] [meta-oe] [PATCH] freeradius: Fix service start error Date: Mon, 22 Sep 2025 11:58:02 +0800 Message-Id: <20250922035802.3288-1-liuyd.fnst@fujitsu.com>
Series	[meta-oe] freeradius: Fix service start error \| expand [meta-oe] freeradius: Fix service start error

Message ID

20250922035802.3288-1-liuyd.fnst@fujitsu.com

State

Under Review

Headers

From: Liu Yiding <liuyd.fnst@fujitsu.com>
To: openembedded-devel@lists.openembedded.org
Subject: [oe] [meta-oe] [PATCH] freeradius: Fix service start error
Date: Mon, 22 Sep 2025 11:58:02 +0800
Message-Id: <20250922035802.3288-1-liuyd.fnst@fujitsu.com>

Series

[meta-oe] freeradius: Fix service start error | expand

Commit Message

Liu Yiding Sept. 22, 2025, 3:58 a.m. UTC

Following error occurred while starting this service.
 Error: tls: (TLS) Failed reading certificate file "/etc/raddb/certs/server.pem"
 Error: tls: (TLS) error:03000072:digital envelope routines::decode error
 Error: tls: (TLS) error:0A00018F:SSL routines::ee key too small
 Error: rlm_eap_tls: Failed initializing SSL context
 Error: rlm_eap (EAP): Failed to initialise rlm_eap_tls
 Error: /etc/raddb/mods-enabled/eap[14]: Instantiation failed for module "eap"

Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
---
 .../files/0018-Fix-Service-start-error.patch  | 33 +++++++++++++++++++
 .../freeradius/freeradius_3.2.7.bb            |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 meta-networking/recipes-connectivity/freeradius/files/0018-Fix-Service-start-error.patch

Comments

Ankur Tyagi Sept. 22, 2025, 4:51 a.m. UTC | #1

This patch will also be a good improvement for the walnascar branch too.

On Mon, Sep 22, 2025 at 3:59 PM Yiding Liu (Fujitsu) via
lists.openembedded.org <liuyd.fnst=fujitsu.com@lists.openembedded.org>
wrote:
>
> Following error occurred while starting this service.
>  Error: tls: (TLS) Failed reading certificate file "/etc/raddb/certs/server.pem"
>  Error: tls: (TLS) error:03000072:digital envelope routines::decode error
>  Error: tls: (TLS) error:0A00018F:SSL routines::ee key too small
>  Error: rlm_eap_tls: Failed initializing SSL context
>  Error: rlm_eap (EAP): Failed to initialise rlm_eap_tls
>  Error: /etc/raddb/mods-enabled/eap[14]: Instantiation failed for module "eap"
>
> Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
> ---
>  .../files/0018-Fix-Service-start-error.patch  | 33 +++++++++++++++++++
>  .../freeradius/freeradius_3.2.7.bb            |  1 +
>  2 files changed, 34 insertions(+)
>  create mode 100644 meta-networking/recipes-connectivity/freeradius/files/0018-Fix-Service-start-error.patch
>
> diff --git a/meta-networking/recipes-connectivity/freeradius/files/0018-Fix-Service-start-error.patch b/meta-networking/recipes-connectivity/freeradius/files/0018-Fix-Service-start-error.patch
> new file mode 100644
> index 0000000000..c5bcfe718e
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/freeradius/files/0018-Fix-Service-start-error.patch
> @@ -0,0 +1,33 @@
> +From e97ffc1f820beff12bb8084e6337168a1cd27540 Mon Sep 17 00:00:00 2001
> +From: Liu Yiding <liuyd.fnst@fujitsu.com>
> +Date: Sat, 20 Sep 2025 06:50:17 +0000
> +Subject: [PATCH] Fix Service start error
> +
> +change "fips=no" to "-fips"
> +based on discussions with the OpenSSL developers in
> +https://github.com/FreeRADIUS/freeradius-server/issues/5631
> +
> +Upstream-Status: Backport
> +https://github.com/FreeRADIUS/freeradius-server/commit/59e262f1134fef8d53d15ae963885a08c9ea8315
> +
> +Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
> +---
> + src/main/tls.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/src/main/tls.c b/src/main/tls.c
> +index 2a348eb9bb..02a4c24f70 100644
> +--- a/src/main/tls.c
> ++++ b/src/main/tls.c
> +@@ -3644,7 +3644,7 @@ int tls_global_init(TLS_UNUSED bool spawn_flag, TLS_UNUSED bool check)
> +       CONF_modules_load_file(NULL, NULL, 0);
> +
> + #if OPENSSL_VERSION_NUMBER >= 0x30000000L
> +-      EVP_set_default_properties(NULL, "fips=no");
> ++      EVP_set_default_properties(NULL, "-fips");
> + #endif
> +
> +       /*
> +--
> +2.43.0
> +
> diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb
> index fea4d858ed..181d9e5d18 100644
> --- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb
> +++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb
> @@ -35,6 +35,7 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.2.x;lfs=0
>      file://0015-bootstrap-check-commands-of-openssl-exist.patch \
>      file://0016-version.c-don-t-print-build-flags.patch \
>      file://0017-Add-acinclude.m4-to-include-required-macros.patch \
> +    file://0018-Fix-Service-start-error.patch \
>  "
>
>  raddbdir = "${sysconfdir}/${MLPREFIX}raddb"
> --
> 2.43.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#119638): https://lists.openembedded.org/g/openembedded-devel/message/119638
> Mute This Topic: https://lists.openembedded.org/mt/115370570/3619737
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [ankur.tyagi85@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

diff --git a/meta-networking/recipes-connectivity/freeradius/files/0018-Fix-Service-start-error.patch b/meta-networking/recipes-connectivity/freeradius/files/0018-Fix-Service-start-error.patch
new file mode 100644
index 0000000000..c5bcfe718e
--- /dev/null
+++ b/meta-networking/recipes-connectivity/freeradius/files/0018-Fix-Service-start-error.patch
@@ -0,0 +1,33 @@ 
+From e97ffc1f820beff12bb8084e6337168a1cd27540 Mon Sep 17 00:00:00 2001
+From: Liu Yiding <liuyd.fnst@fujitsu.com>
+Date: Sat, 20 Sep 2025 06:50:17 +0000
+Subject: [PATCH] Fix Service start error
+
+change "fips=no" to "-fips"
+based on discussions with the OpenSSL developers in
+https://github.com/FreeRADIUS/freeradius-server/issues/5631
+
+Upstream-Status: Backport
+https://github.com/FreeRADIUS/freeradius-server/commit/59e262f1134fef8d53d15ae963885a08c9ea8315
+
+Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
+---
+ src/main/tls.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/main/tls.c b/src/main/tls.c
+index 2a348eb9bb..02a4c24f70 100644
+--- a/src/main/tls.c
++++ b/src/main/tls.c
+@@ -3644,7 +3644,7 @@ int tls_global_init(TLS_UNUSED bool spawn_flag, TLS_UNUSED bool check)
+ 	CONF_modules_load_file(NULL, NULL, 0);
+ 
+ #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-	EVP_set_default_properties(NULL, "fips=no");
++	EVP_set_default_properties(NULL, "-fips");
+ #endif
+ 
+ 	/*
+-- 
+2.43.0
+
diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb
index fea4d858ed..181d9e5d18 100644
--- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb
+++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb
@@ -35,6 +35,7 @@  SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.2.x;lfs=0
     file://0015-bootstrap-check-commands-of-openssl-exist.patch \
     file://0016-version.c-don-t-print-build-flags.patch \
     file://0017-Add-acinclude.m4-to-include-required-macros.patch \
+    file://0018-Fix-Service-start-error.patch \
 "
 
 raddbdir = "${sysconfdir}/${MLPREFIX}raddb"

[meta-oe] freeradius: Fix service start error

Commit Message

Comments

Patch