Bug #7170
closed
FreeRADIUS built-in certificate manager defaults to MD5 (!!!), no support for SHA2
0%
Description
I'd rather nuke this redundant thing altogether, however not sure how to handle the transition for unfortunate users who might be using this.
Updated by Kill Bill about 7 years ago
Added a huge deprecation warning to the page as part of https://github.com/pfsense/FreeBSD-ports/pull/272.
Updated by
Updated by Kill Bill about 7 years ago
Guys, any ETA for 2.4 release (not date, but weeks/months, that sort of thing)? Would be a good opportunity to get rid of this, plus document required manual configuration changes in the release notes.
Updated by Jim Pingle about 7 years ago
I agree, it could/should be killed for 2.4.
Not that far out, probably a few weeks.
Updated by Kill Bill about 7 years ago
OK, I'll figure something out and do a PR. Need https://github.com/pfsense/FreeBSD-ports/pull/308 merged first before doing anything else here.
Updated by Jim Pingle about 7 years ago
FYI- I merged that PR, should be good to continue.
Updated by Kill Bill about 7 years ago
Thanks, can start killing some code now. :)
Updated by Kill Bill about 7 years ago
https://github.com/pfsense/FreeBSD-ports/pull/334
Should be pretty much complete now.
Updated by Kill Bill about 7 years ago
Merged.
Note: This needs to go to 2.4 release notes. Configuring the certs is no longer optional, it's simply a required configuration step for FreeRADIUS to work. Adding some file_notice() to freeradius_upgrade_config() plus an install message would be useful, I guess - see https://forum.pfsense.org/index.php?topic=128923.0
Updated by Jim Pingle almost 7 years ago
- Status changed from Feedback to Resolved
- Assignee changed from Anonymous to Jim Pingle
This has all been removed from FreeRADIUS. Cert handling in FreeRADIUS is 100% done in the Cert Manager now on 2.3.4 and 2.4.