From: Alan T. DeKok Date: Wed, 2 Jun 2021 14:41:19 +0000 (-0400) Subject: make warnings more explicit and loud X-Git-Tag: release_3_0_23~28 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0c3639b18f224c6c046b2b6cf6804cef97b0693b;p=thirdparty%2Ffreeradius-server.git make warnings more explicit and loud --- diff --git a/src/main/tls.c b/src/main/tls.c index c5057d1d000..ee1026f67e1 100644 --- a/src/main/tls.c +++ b/src/main/tls.c @@ -648,12 +648,15 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU * it. */ if (!allow_tls13 && (conf->max_version == TLS1_3_VERSION)) { - WARN("FORCING MAXIMUM TLS VERSION TO TLS 1.2"); - WARN("There is no standard for using this EAP method with TLS 1.3"); - WARN("Please set tls_max_version = \"1.2\""); - WARN("FreeRADIUS only supports TLS 1.3 for special builds of wpa_supplicant and Windows"); - WARN("This limitation is likely to change in late 2021."); - WARN("If you are using this version of FreeRADIUS after 2021, you will probably need to upgrade"); + WARN("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); + WARN("!! FORCING MAXIMUM TLS VERSION TO TLS 1.2 !!"); + WARN("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); + WARN("!! There is no standard for using this EAP method with TLS 1.3"); + WARN("!! Please set tls_max_version = \"1.2\""); + WARN("!! FreeRADIUS only supports TLS 1.3 for special builds of wpa_supplicant and Windows"); + WARN("!! This limitation is likely to change in late 2021."); + WARN("!! If you are using this version of FreeRADIUS after 2021, you will probably need to upgrade"); + WARN("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); if (SSL_set_max_proto_version(new_tls, TLS1_2_VERSION) == 0) { tls_error_log(request, "Failed limiting maximum version to TLS 1.3"); diff --git a/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c b/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c index d50bd75977c..02ea77f3c22 100644 --- a/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c +++ b/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c @@ -140,11 +140,13 @@ static int mod_instantiate(CONF_SECTION *cs, void **instance) if ((inst->tls_conf->max_version == TLS1_3_VERSION) || (inst->tls_conf->min_version == TLS1_3_VERSION)) { - WARN("There is no standard for using EAP-FAST with TLS 1.3"); - WARN("Please set tls_max_version = \"1.2\""); - WARN("FreeRADIUS only supports TLS 1.3 for special builds of wpa_supplicant and Windows"); - WARN("This limitation is likely to change in late 2021."); - WARN("If you are using this version of FreeRADIUS after 2021, you will probably need to upgrade"); + WARN("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); + WARN("!! There is no standard for using EAP-FAST with TLS 1.3"); + WARN("!! Please set tls_max_version = \"1.2\""); + WARN("!! FreeRADIUS only supports TLS 1.3 for special builds of wpa_supplicant and Windows"); + WARN("!! This limitation is likely to change in late 2021."); + WARN("!! If you are using this version of FreeRADIUS after 2021, you will probably need to upgrade"); + WARN("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); } #endif diff --git a/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c b/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c index a9ca9e38d0f..4bbf57330fb 100644 --- a/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c +++ b/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c @@ -144,12 +144,14 @@ static int mod_instantiate(CONF_SECTION *cs, void **instance) if ((inst->tls_conf->max_version == TLS1_3_VERSION) || (inst->tls_conf->min_version == TLS1_3_VERSION)) { - WARN("There is no standard for using PEAP with TLS 1.3"); - WARN("Please set tls_max_version = \"1.2\""); - WARN("FreeRADIUS only supports TLS 1.3 for special builds of wpa_supplicant and Windows"); - WARN("This limitation is likely to change in late 2021."); - WARN("If you are using this version of FreeRADIUS after 2021, you will probably need to upgrade"); - } + WARN("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); + WARN("!! There is no standard for using PEAP with TLS 1.3"); + WARN("!! Please set tls_max_version = \"1.2\""); + WARN("!! FreeRADIUS only supports TLS 1.3 for special builds of wpa_supplicant and Windows"); + WARN("!! This limitation is likely to change in late 2021."); + WARN("!! If you are using this version of FreeRADIUS after 2021, you will probably need to upgrade"); + WARN("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); +} #endif return 0; diff --git a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c index b896fa4ed57..d327c575fc8 100644 --- a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c +++ b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c @@ -75,11 +75,13 @@ static int mod_instantiate(CONF_SECTION *cs, void **instance) #ifdef TLS1_3_VERSION if ((inst->tls_conf->max_version == TLS1_3_VERSION) || (inst->tls_conf->min_version == TLS1_3_VERSION)) { - WARN("Most supplicants do not support EAP-TLS with TLS 1.3"); - WARN("Please set tls_max_version = \"1.2\""); - WARN("FreeRADIUS only supports TLS 1.3 for special builds of wpa_supplicant and Windows"); - WARN("This limitation is likely to change in late 2021."); - WARN("If you are using this version of FreeRADIUS after 2021, you will probably need to upgrade"); + WARN("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); + WARN("!! Most supplicants do not support EAP-TLS with TLS 1.3"); + WARN("!! Please set tls_max_version = \"1.2\""); + WARN("!! FreeRADIUS only supports TLS 1.3 for special builds of wpa_supplicant and Windows"); + WARN("!! This limitation is likely to change in late 2021."); + WARN("!! If you are using this version of FreeRADIUS after 2021, you will probably need to upgrade"); + WARN("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); } #endif diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c index b83b21f6316..3c77aa48776 100644 --- a/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c +++ b/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c @@ -139,11 +139,13 @@ static int mod_instantiate(CONF_SECTION *cs, void **instance) if ((inst->tls_conf->max_version == TLS1_3_VERSION) || (inst->tls_conf->min_version == TLS1_3_VERSION)) { - WARN("There is no standard for using TTLS with TLS 1.3"); - WARN("Please set tls_max_version = \"1.2\""); - WARN("FreeRADIUS only supports TLS 1.3 for special builds of wpa_supplicant and Windows"); - WARN("This limitation is likely to change in late 2021."); - WARN("If you are using this version of FreeRADIUS after 2021, you will probably need to upgrade"); + WARN("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); + WARN("!! There is no standard for using TTLS with TLS 1.3"); + WARN("!! Please set tls_max_version = \"1.2\""); + WARN("!! FreeRADIUS only supports TLS 1.3 for special builds of wpa_supplicant and Windows"); + WARN("!! This limitation is likely to change in late 2021."); + WARN("!! If you are using this version of FreeRADIUS after 2021, you will probably need to upgrade"); + WARN("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); } #endif