head	1.1;
access;
symbols;
locks; strict;
comment	@ * @;


1.1
date	2026.06.07.17.45.46;	author adam;	state Exp;
branches;
next	;
commitid	ad7Ke4zF9fmOnTIG;


desc
@@


1.1
log
@radsecproxy: updated to 1.11.2

1.11.2
Bug Fixes:
- Fix Message-Authenticator validation for Accounting-Response

1.11.1
Bug Fixes:
- Fix wrong DN in certificate request
- Fix memory leak when using SIGHUP
- Fix exit when dyndisc script returns illegal PSKkey
- Fix logging during config check
- Fix invalid realm configs are ignored
- Fix default tls block selection

Misc:
- Improve message-authenticator logging

1.11.0
New features:
- TLS-PSK
- Long hex-strings in config
- Reload complete TLS context on SIGHUP, reload client/server cert and key
- Implement SSLKEYLOGFILE mechanism
- Options to require Message-Authenticator

Misc:
- Re-verify certificates on SIGHUP and terminate invalid connections
- Implement recommendations for deprecating insecure transports
- verify EAP message content length
- Close connection on radius attribute decode errors

Bug Fixes:
- Fix correct secret for DTLS (radius/dtls)
- Fix infinite loop when listening on tcp socket fails
- Fix crashes under high load
@
text
@$NetBSD$

Add support for Nettle 4.0
https://github.com/radsecproxy/radsecproxy/pull/197

--- fticks_hashmac.c.orig	2025-03-24 07:29:17.000000000 +0000
+++ fticks_hashmac.c
@@@@ -5,7 +5,8 @@@@
 #include <ctype.h>
 #include <errno.h>
 #include <nettle/hmac.h>
-#include <nettle/sha.h>
+#include <nettle/sha2.h>
+#include <nettle/version.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@@@ -35,7 +36,11 @@@@ static void _hash(const uint8_t *in,
 
         sha256_init(&ctx);
         sha256_update(&ctx, strlen((char *)in), in);
+#if NETTLE_VERSION_MAJOR >= 4
+        sha256_digest(&ctx, hash);
+#else
         sha256_digest(&ctx, sizeof(hash), hash);
+#endif
         _format_hash(hash, out_len, out);
     } else {
         struct hmac_sha256_ctx ctx;
@@@@ -43,7 +48,11 @@@@ static void _hash(const uint8_t *in,
 
         hmac_sha256_set_key(&ctx, strlen((char *)key), key);
         hmac_sha256_update(&ctx, strlen((char *)in), in);
+#if NETTLE_VERSION_MAJOR >= 4
+        hmac_sha256_digest(&ctx, hash);
+#else
         hmac_sha256_digest(&ctx, sizeof(hash), hash);
+#endif
         _format_hash(hash, out_len, out);
     }
 }
@