Feature improvements
- Add support for OpenSSL3
- Add
dictionary.mellanox,dictionary.netelastic,dictionary.ciena,dictionary.nile - Update
dictionary.aruba,dictionary.roaringpenguin - Removed haproxy support. It's new and experimental, and belongs in the v3.2 release, where it will be fully supported.
- Support PEAP and TTLS with TLS 1.3. This has been tested with wpa_supplicant and Windows 11.
- Add
%{concat:foo[*] ;}, which concatenates a set of attributes, separated by a character. - Added sample configuration for using Google LDAP. See sites-available/google-ldap-auth, and mods-available/google_ldap, and mods-available/cache_auth.
- Add Dockerfiles for Rocky8.
- Add
raduatscript to thefreeradius-utilspackage. - Add Debian
freeradius-freetdspackage. - Add client short name to "dropping packet" message,
- Update MS-SQL queries to avoid using column which was deleted years ago.
- Add configure-time FIPS workaround to use internal MD4/MD5 implementations when disabled in OpenSSL.
Bug fixes
- Ensure PBKDF2 always uses at least one iteration
- Actually use the certificate in "realm_dir" hinted at by SNI.
- Removed the use of "locate" during the "configure" phase. Fixes #4318
- Fix for showing incomplete home server list after deleting a home server via radmin.
- Call
closedir()when reading certificates from a directory. Found by Antonio Torres. Fixes #4378. - If we read more than 16K of data in RadSec, then read it all. Fixes #4388, patch from Aren Sandersen.
- Fix information leak in
compute_password_element()function of EAP-PWD. Found by Mohamed Sabt. - Fix crash in EAP-SIM when unknown attributes are sent.
- Update linelog, etc. to allow the use of
/dev/stdout - Fix crash in race condition when 500+ sockets are open.
- Remove sample "cache_eap" module. It does not work, and offers no benefit.
- Fix crash in RadSec with expired server certificate. #4447.
- PEAP now correctly runs Post-Auth-Type Accept.
- Build fixes for OS X
- Minor updates and fixes to CI, Dockerfiles and packaging.