[Pkg-freeradius-maintainers] Bug#1032572: new upstream (3.2.2)
Bernhard Schmidt
berni at debian.org
Fri Mar 10 07:59:13 GMT 2023
On 09/03/23 11:09 AM, Daniel Baumann wrote:
Hi Daniel,
> the latest upstream release (3.2.2) fixes some important bugs for us,
> e.g. the fact that using an intermediate CA for which EAP-TLS, upstream
> writes:
>
> "It's also worth mentioning that FreeRADIUS 3.2.1 has an issue with
> partial chains. E.g. if you have
>
> Root CA -> Intermediate CA -> Client Cert
>
> and you want to put just Intermediate CA in the ca_file as that is
> what you want to trust rather than the root CA, then that does not
> work correctly on 3.2.1."
>
> Given the freeze, it would be very helpful if you could upload 3.2.2 to
> experimental, this would ease the local backporting on our end
> tremendously since we need 3.2.2
I can do so later, but I would prefer to fix these bugs in bookworm,
where uploading a whole new upstream version is not accepted at this
point in the release preparation
(https://release.debian.org/testing/freeze_policy.html).
Interestingly someone else has reported the partial CA problem a few
hours after your report, and provided a link to the issue/commit fixing
this. See Bug#1032590
I have just uploaded 3.2.1-3 to the archive, it should be built in the
next hours. Could you test the resulting package and report back?
Bernhard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeradius-maintainers/attachments/20230310/9a5e5bf3/attachment-0002.sig>
More information about the Pkg-freeradius-maintainers
mailing list