## Verifying SHA256 checksums can be found in [[sha256.txt]]. PGP signatures can be found below. ## Releases * [1.6.6](radsecproxy-1.6.6.tar.xz) ([PGP sig](radsecproxy-1.6.6.tar.xz.asc)) from January 19th, 2015 This is the latest release. It fixes [RADSECPROXY-59](https://project.nordu.net/browse/RADSECPROXY-59) (use rewriteIn correctly), and [RADSECPROXY-58](https://project.nordu.net/browse/RADSECPROXY-58) (handle CHAP when there is no CHAP-Challenge), as well as a number of security fixes (two use-after-free, one null-pointer dereference, and three heap overflows). * [1.6.5](radsecproxy-1.6.5.tar.gz) ([PGP sig](radsecproxy-1.6.5.tar.gz.asc)) from September 6th, 2013 Fixes a crash bug introduced in 1.6.4. Fixes [RADSECPROXY-53](https://project.nordu.net/browse/RADSECPROXY-53), bugfix on 1.6.4. * 1.6.4 ([PGP sig](radsecproxy-1.6.4.tar.gz.asc)) from September 5th, 2013 Fixes a bug with not keeping Proxy-State attributes in all replies [RADSECPROXY-52](https://project.nordu.net/browse/RADSECPROXY-52). * [1.6.3](radsecproxy-1.6.3.tar.gz) ([PGP sig](radsecproxy-1.6.3.tar.gz.asc)) from September 5th, 2013 Fixes bugs vital for dynamic discovery, see ChangeLog for details. * [1.6.2](radsecproxy-1.6.2.tar.gz) ([PGP sig](radsecproxy-1.6.2.tar.gz.asc)) from October 25th, 2012 Fixes bug regarding certificate authentication for DTLS [RADSECPROXY-43](https://project.nordu.net/browse/RADSECPROXY-43), CVE-2012-4566). * [1.6.1](radsecproxy-1.6.1.tar.gz) ([PGP sig](radsecproxy-1.6.1.tar.gz.asc)) from September 14th, 2012 Fixes a bug regarding certificate authentication [RADSECPROXY-43](https://project.nordu.net/browse/RADSECPROXY-43), CVE-2012-4523) * [1.6](radsecproxy-1.6.tar.gz) ([PGP sig](radsecproxy-1.6.tar.gz.asc)) from April 28th, 2012 Improved support for F-Ticks logging and new option for pidfile. **Incompatible change**: The default shared secret for TLS and DTLS connections change from "mysecret" to "radsec" as per draft-ietf-radext-radsec-12 section 2.3 (4). Please make sure to specify a secret in both client and server blocks to avoid unwanted surprises. The default place to look for a configuration file has changed from /etc to /usr/local/etc, let radsecproxy know where your configuration file can be found by using the `-c' command line option, or configure radsecproxy on with --sysconfdir=/etc when building to restore old behaviour. For other changes, see Changelog inside the archive. * [1.5](radsecproxy-1.5.tar.gz) ([PGP sig](radsecproxy-1.5.tar.gz.asc)) from October 8th, 2011 Introduces support for F-Ticks logging. For other changes, see Changelog inside the archive. ## Older releases * [1.4.3](radsecproxy-1.4.3.tar.gz) ([PGP sig](radsecproxy-1.4.3.tar.gz.asc)) from July 22nd, 2011 Fixed a debug printout issue. * [1.4.2](radsecproxy-1.4.2.tar.gz) ([PGP sig](radsecproxy-1.4.2.tar.gz.asc)) from November 23rd, 2010 Mostly a security update due to a certain vulnerability in how caching was handled in OpenSSL prior to 0.9.8p and 1.0.0b. If your OpenSSL is older than those, you should use this one or newer. * 1.4.1 from November 18th, 2010 This release contained some debug code that caused crashes, and is hence removed. * [1.4](radsecproxy-1.4.tar.gz) from June 12th, 2010 The major changes are support for LoopPrevention per server, added AddVendorAttribute rewrite configuration, new log level DBG_NOTICE, fixed UDP fragmentation issue, fixed build issues on Solaris and fixed bug regarding long passwords. * [1.3.1](radsecproxy-1.3.1.tar.gz) from July 22nd, 2009 Last release of 1.3. The main change is an important fix for multiple UDP servers with the same IP address, which solves accounting problems experienced by many. Thanks alot to Simon Leinen for submitting the patch for this. Default log level is 2, while it was 3 previously. also, some log messages have changed log levels. you should be fine using this in production, although 1.2 may be safer (as it has been through more testing) if you don't need the new features. * [1.2](radsecproxy-1.2.tar.gz) from October 7th, 2008 Perhaps the most stable "old" release so far. If you do not need the new features in 1.3+, then this may be the best option. Some issues with earlier releases are fixed and there are also a number of new useful features like more message rewrite options and regularly refreshing CRLs. * [1.3-beta](radsecproxy-1.3-beta.tar.gz) from February 18th, 2009 This is only a beta release and needs more testing to be as mature as 1.2, so be careful about using this in production. But if you can, please help test this release to speed its way towards the 1.3 release. The only new feature since the alpha release is that client and server blocks can contain multiple host options. There have also been some minor bug fixes, and it is now possible when compiling to select which transports to support. * [1.3-alpha](radsecproxy-1.3-alpha.tar.gz) from December 4th, 2008 Many new features were introduced in 1.3. The major ones are TCP and DTLS transport, and dynamic server discovery. Other minor features are TTL (hopcount) support for RADIUS messages and PolicyOID for checking certificate policies. * [1.1](radsecproxy-1.1.tar.gz) from July 24th, 2008 This release has proven to be fairly stable, but an upgrade to 1.2 is recommended. Some issues with earlier releases are fixed and there are also a number of new useful features like failover when not using Status-Server, limited loop prevention and CRL checking. This is also the first version where accounting works properly. * [1.1-beta](radsecproxy-1.1-beta.tar.gz) from May 14th, 2008 The main new features since 1.1-alpha were attribute filtering, accounting support and improved certificate matching. * [1.1-alpha](radsecproxy-1.1-alpha.tar.gz) from December 24th, 2007 There are some known problems with this release, so you should be using the most recent 1.1 release instead. The new features were in short: pretend option for validating configuration; include option for including additional config files; clients can be configured by IP prefix, allowing dynamic clients; server failover support; source address and port can be specified for requests; and finally optional rewriting of the username attribute. * [1.0p1](radsecproxy-1.0p1.tar.gz) from October 16th, 2007 Since 1.0 a bug was fixed where the proxy was likely to crash if any servers were configured after the first realm block. Since the alpha release the certificate validation was improved and some minor bugs have been fixed. * [1.0](radsecproxy-1.0.tar.gz) from September 21st, 2007 * [1.0-alpha-p1](radsecproxy-1.0-alpha-p1.tar.gz) from June 13th, 2007 * [1.0-alpha](radsecproxy-1.0-alpha.tar.gz) from June 5th, 2007 ## Access via git The developer tree of radsecproxy is available as a [tar archive](https://git.nordu.net/?p=radsecproxy.git;a=snapshot;h=HEAD;sf=tgz) or you use git. To checkout the current version of the tree, enter the following command: git clone https://git.nordu.net/radsecproxy.git If you want to contribute code, you need to get in [contact with the developers](?page=contact). Note that there is also a [web interface](http://git.nordu.net/?p=radsecproxy.git;a=summary) to the repository. ## Linux packages Various people have kindly contributed packages for various Linux distributions. ### Debian * Since Debian release 5 (Lenny), radsecproxy is included in the distribution. * 1.2 for CentOS 5 / Red Hat Enterprise Linux 5 [radsecproxy-1.2-1.i386.rpm](packages/radsecproxy-1.2-1.i386.rpm) [radsecproxy-1.2-1.src.rpm](packages/radsecproxy-1.2-1.src.rpm) * 1.0 for openSUSE, Fedora and Mandriva openSUSE should be available from various mirrors, but all of these can also be downloaded from [download.opensuse.org](http://download.opensuse.org/repositories/network:/aaa/). The Fedora and Mandriva packages have not yet been tested (AFAIK), please let me know whether they work for you or not. * 1.0p1 for [OpenSDE](http://opensde.org/) Part of the distribution, see the site