net/freeradius3: Disable OpenSSL version checking

FreeRadius developers include a feature enabled by default which checks
your OpenSSL version and refuses to run if certain CVEs are detected.
This is an interesting idea but it means it's possible to upgrade
FreeRadius on a production server and suddently it won't run, especially
if FreeBSD's base OpenSSL doesn't report a version number that can
convince the software it is free from the specified CVEs.

Currently FreeRadius refuses to run on FreeBSD 10.3-RELEASE because it
thinks base system OpenSSL is not patched for CVE-2016-6304, but that
was in fact patched by FreeBSD-10.3-RELEASE-p9.

This feature is only useful if you are using vanilla upstream versions
of OpenSSL which we are not.

Approved by:	portmgr (with hat)
MFH:		2017Q3

1 files changed, 3 insertions, 1 deletions

diff --git a/net/freeradius3/Makefile b/net/freeradius3/Makefile
index 0dbab92234b4..7575d7cb2622 100644
--- a/net/freeradius3/Makefile
+++ b/net/freeradius3/Makefile
@@ -3,6 +3,7 @@
 
 PORTNAME=	freeradius
 DISTVERSION=	3.0.15
+PORTREVISION=	1
 CATEGORIES=	net
 MASTER_SITES=	ftp://ftp.freeradius.org/pub/freeradius/%SUBDIR%/ \
 		ftp://ftp.ntua.gr/pub/net/radius/freeradius/%SUBDIR%/ \
@@ -321,7 +322,8 @@ CONFIGURE_ARGS+=--with-logdir=${LOGDIR} \
 		--without-rlm_securid \
 		--without-rlm_cache_memcached \
 		--with-vmps \
-		--with-collectdclient-lib-dir=/dev/null
+		--with-collectdclient-lib-dir=/dev/null \
+		--disable-openssl-version-check
 
 .if ${ARCH} == amd64
 CONFIGURE_ARGS+=--with-pic