[RADIATOR] OpenSSL version.

Johnson, Neil M neil-johnson at uiowa.edu
Mon Aug 17 16:53:38 CDT 2015


I tried to upgrade to ActiveState PERL and when I try to install the following modules I need:

C:\Perl64\bin>ppm install Net-SNMP
Downloading Net-SNMP-v6.0.1...failed 500 write failed: Bad file descriptor
ppm install failed: 500 write failed: Bad file descriptor

C:\Perl64\bin>ppm install http://www.open.com.au/radiator/free-downloads/Win32-Lsa.ppd
ppm install failed: 500 write failed: Bad file descriptor

I also could not install Win32::Daemon with either or

C:\Perl64\bin>ppm install Win32::Daemon
Downloading ActiveState Package Repository dbimage...done
Syncing site PPM database with .packlists...done
ppm install failed: Can't find any package that provides Win32::Daemon



Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
E-Mail: neil-johnson at uiowa.edu

> On Aug 15, 2015, at 3:08 AM, Heikki Vatiainen <hvn at open.com.au> wrote:
> On 08/15/2015 12:20 AM, Johnson, Neil M wrote:
>> I removed the OSC NET::SSLeay ppm from my Windows system and now I’m
>> using the Active States version of OpenSSL, which is OpenSSL 1.0.1e
>> 11 Feb 2013 and vulnerable to Heartbleed.
> Hello Neil and the other list members,
> I suggest upgrading your ActivePerl to a version that does not come with
> a vulnerable OpenSSL. ActiveState has published this information about
> the vulnerable versions:
> https://community.activestate.com/node/10856
> Radiator comes with Win32-Lsa PPMs that work with ActivePerl 5.18. If
> you'd like to use a more recent ActivePerl, please let us know. Now that
> ActivePerl 5.22 is out, we can see how the LSA module compiles against
> it. The compiler changes introduced in ActivePerl 5.20 have hopefully
> now been settled.
> Another option is to use Strawberry Perl. The Win32-Lsa modules that
> come with Radiator 4.15 support Strawberry Perl up to version 5.22.
> The Heartbleed fix was announced in Strawberry Perl April 2014 release:
> http://strawberryperl.com/release-notes/
> The precompiled Net::SSLeay modules were mainly provided for those who
> wanted to use EAP-FAST while the extensions EAP-FAST required were not
> widely available in OpenSSL. When the Heartbleed vulnerability was
> exposed, they were also useful for a quick mitigation.
> I recommend using the Net::SSLeay and OpenSSL that come with ActivePerl
> and Strawberry Perl and keeping track of their releases and upgrading as
> needed.
> Thanks,
> Heikki
> -- 
> Heikki Vatiainen <hvn at open.com.au>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator

More information about the radiator mailing list