freeradius: Fix service start error

Following error occurred while starting this service. Error: tls: (TLS) Failed reading certificate file "/etc/raddb/certs/server.pem" Error: tls: (TLS) error:03000072:digital envelope routines::decode error Error: tls: (TLS) error:0A00018F:SSL routines::ee key too small Error: rlm_eap_tls: Failed initializing SSL context Error: rlm_eap (EAP): Failed to initialise rlm_eap_tls Error: /etc/raddb/mods-enabled/eap[14]: Instantiation failed for module "eap" Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Liu Yiding <liuyd.fnst@fujitsu.com> 2025-09-22 11:58:02 +0800
committer: Khem Raj <raj.khem@gmail.com> 2025-09-22 08:30:05 -0700
commit: 97376e916ef75c5bf823fcedbfdee6f03af15f96 (patch)
tree: ea01f77d854b9b9458db31d455e26bf295d28a5a
parent: 4c9349f0fd64b975e1424d6df37153fbc27a0a09 (diff)
download: meta-openembedded-97376e916ef75c5bf823fcedbfdee6f03af15f96.tar.gz
2 files changed, 34 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/freeradius/files/0018-Fix-Service-start-error.patch b/meta-networking/recipes-connectivity/freeradius/files/0018-Fix-Service-start-error.patch
new file mode 100644
index 0000000000..f1ec181bc1
--- /dev/null
+++ b/meta-networking/recipes-connectivity/freeradius/files/0018-Fix-Service-start-error.patch
@@ -0,0 +1,33 @@
+From e97ffc1f820beff12bb8084e6337168a1cd27540 Mon Sep 17 00:00:00 2001
+From: Liu Yiding <liuyd.fnst@fujitsu.com>
+Date: Sat, 20 Sep 2025 06:50:17 +0000
+Subject: [PATCH] Fix Service start error
+change "fips=no" to "-fips"
+based on discussions with the OpenSSL developers in
+https://github.com/FreeRADIUS/freeradius-server/issues/5631
+Upstream-Status: Backport
+https://github.com/FreeRADIUS/freeradius-server/commit/59e262f1134fef8d53d15ae963885a08c9ea8315
+Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
+---
+ src/main/tls.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/main/tls.c b/src/main/tls.c
+index 2a348eb9bb..02a4c24f70 100644
+--- a/src/main/tls.c
+++ b/src/main/tls.c
+@@ -3644,7 +3644,7 @@ int tls_global_init(TLS_UNUSED bool spawn_flag, TLS_UNUSED bool check)
+        CONF_modules_load_file(NULL, NULL, 0);
+ 
+ #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-       EVP_set_default_properties(NULL, "fips=no");
+       EVP_set_default_properties(NULL, "-fips");
+ #endif
+ 
+        /*
+-- 
+2.43.0
diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb
index fea4d858ed..181d9e5d18 100644
--- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb
+++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb
@@ -35,6 +35,7 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.2.x;lfs=0
    file://0015-bootstrap-check-commands-of-openssl-exist.patch \
    file://0016-version.c-don-t-print-build-flags.patch \
    file://0017-Add-acinclude.m4-to-include-required-macros.patch \
+    file://0018-Fix-Service-start-error.patch \
 "
 raddbdir = "${sysconfdir}/${MLPREFIX}raddb"
author	Liu Yiding <liuyd.fnst@fujitsu.com>	2025-09-22 11:58:02 +0800
committer	Khem Raj <raj.khem@gmail.com>	2025-09-22 08:30:05 -0700
commit	97376e916ef75c5bf823fcedbfdee6f03af15f96 (patch)
tree	ea01f77d854b9b9458db31d455e26bf295d28a5a
parent	4c9349f0fd64b975e1424d6df37153fbc27a0a09 (diff)
download	meta-openembedded-97376e916ef75c5bf823fcedbfdee6f03af15f96.tar.gz

diff --git a/meta-networking/recipes-connectivity/freeradius/files/0018-Fix-Service-start-error.patch b/meta-networking/recipes-connectivity/freeradius/files/0018-Fix-Service-start-error.patch new file mode 100644 index 0000000000..f1ec181bc1 --- /dev/null +++ b/meta-networking/recipes-connectivity/freeradius/files/0018-Fix-Service-start-error.patch
@@ -0,0 +1,33 @@
		1	From e97ffc1f820beff12bb8084e6337168a1cd27540 Mon Sep 17 00:00:00 2001
		2	From: Liu Yiding <liuyd.fnst@fujitsu.com>
		3	Date: Sat, 20 Sep 2025 06:50:17 +0000
		4	Subject: [PATCH] Fix Service start error
		5
		6	change "fips=no" to "-fips"
		7	based on discussions with the OpenSSL developers in
		8	https://github.com/FreeRADIUS/freeradius-server/issues/5631
		9
		10	Upstream-Status: Backport
		11	https://github.com/FreeRADIUS/freeradius-server/commit/59e262f1134fef8d53d15ae963885a08c9ea8315
		12
		13	Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
		14	---
		15	src/main/tls.c \| 2 +-
		16	1 file changed, 1 insertion(+), 1 deletion(-)
		17
		18	diff --git a/src/main/tls.c b/src/main/tls.c
		19	index 2a348eb9bb..02a4c24f70 100644
		20	--- a/src/main/tls.c
		21	+++ b/src/main/tls.c
		22	@@ -3644,7 +3644,7 @@ int tls_global_init(TLS_UNUSED bool spawn_flag, TLS_UNUSED bool check)
		23	CONF_modules_load_file(NULL, NULL, 0);
		24
		25	#if OPENSSL_VERSION_NUMBER >= 0x30000000L
		26	- EVP_set_default_properties(NULL, "fips=no");
		27	+ EVP_set_default_properties(NULL, "-fips");
		28	#endif
		29
		30	/*
		31	--
		32	2.43.0
		33


diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb index fea4d858ed..181d9e5d18 100644 --- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb +++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.7.bb
@@ -35,6 +35,7 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.2.x;lfs=0
35	file://0015-bootstrap-check-commands-of-openssl-exist.patch \	35	file://0015-bootstrap-check-commands-of-openssl-exist.patch \
36	file://0016-version.c-don-t-print-build-flags.patch \	36	file://0016-version.c-don-t-print-build-flags.patch \
37	file://0017-Add-acinclude.m4-to-include-required-macros.patch \	37	file://0017-Add-acinclude.m4-to-include-required-macros.patch \
		38	file://0018-Fix-Service-start-error.patch \
38	"	39	"
39		40
40	raddbdir = "${sysconfdir}/${MLPREFIX}raddb"	41	raddbdir = "${sysconfdir}/${MLPREFIX}raddb"