Date: Friday, July 4, 2014 @ 19:39:36 Author: anatolik Revision: 216498
upgpkg: wpa_supplicant 2.2-1 Modified: wpa_supplicant/trunk/PKGBUILD wpa_supplicant/trunk/config Deleted: wpa_supplicant/trunk/0001-Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-.patch -----------------------------------------------------------------+ 0001-Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-.patch | 74 ---------- PKGBUILD | 17 -- config | 5 3 files changed, 10 insertions(+), 86 deletions(-) Deleted: 0001-Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-.patch =================================================================== --- 0001-Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-.patch 2014-07-04 17:10:14 UTC (rev 216497) +++ 0001-Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-.patch 2014-07-04 17:39:36 UTC (rev 216498) @@ -1,74 +0,0 @@ -From b62d5b5450101676a0c05691b4bcd94e11426397 Mon Sep 17 00:00:00 2001 -From: Jouni Malinen <[email protected]> -Date: Wed, 19 Feb 2014 11:56:02 +0200 -Subject: [PATCH] Revert "OpenSSL: Do not accept SSL Client certificate for - server" - -This reverts commit 51e3eafb68e15e78e98ca955704be8a6c3a7b304. There are -too many deployed AAA servers that include both id-kp-clientAuth and -id-kp-serverAuth EKUs for this change to be acceptable as a generic rule -for AAA authentication server validation. OpenSSL enforces the policy of -not connecting if only id-kp-clientAuth is included. If a valid EKU is -listed with it, the connection needs to be accepted. - -Signed-off-by: Jouni Malinen <[email protected]> ---- - src/crypto/tls.h | 3 +-- - src/crypto/tls_openssl.c | 13 ------------- - 2 files changed, 1 insertion(+), 15 deletions(-) - -diff --git a/src/crypto/tls.h b/src/crypto/tls.h -index 287fd33..feba13f 100644 ---- a/src/crypto/tls.h -+++ b/src/crypto/tls.h -@@ -41,8 +41,7 @@ enum tls_fail_reason { - TLS_FAIL_ALTSUBJECT_MISMATCH = 6, - TLS_FAIL_BAD_CERTIFICATE = 7, - TLS_FAIL_SERVER_CHAIN_PROBE = 8, -- TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9, -- TLS_FAIL_SERVER_USED_CLIENT_CERT = 10 -+ TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9 - }; - - union tls_event_data { -diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c -index a13fa38..8cf1de8 100644 ---- a/src/crypto/tls_openssl.c -+++ b/src/crypto/tls_openssl.c -@@ -105,7 +105,6 @@ struct tls_connection { - unsigned int ca_cert_verify:1; - unsigned int cert_probe:1; - unsigned int server_cert_only:1; -- unsigned int server:1; - - u8 srv_cert_hash[32]; - -@@ -1480,16 +1479,6 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) - TLS_FAIL_SERVER_CHAIN_PROBE); - } - -- if (!conn->server && err_cert && preverify_ok && depth == 0 && -- (err_cert->ex_flags & EXFLAG_XKUSAGE) && -- (err_cert->ex_xkusage & XKU_SSL_CLIENT)) { -- wpa_printf(MSG_WARNING, "TLS: Server used client certificate"); -- openssl_tls_fail_event(conn, err_cert, err, depth, buf, -- "Server used client certificate", -- TLS_FAIL_SERVER_USED_CLIENT_CERT); -- preverify_ok = 0; -- } -- - if (preverify_ok && context->event_cb != NULL) - context->event_cb(context->cb_ctx, - TLS_CERT_CHAIN_SUCCESS, NULL); -@@ -2541,8 +2530,6 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data, - int res; - struct wpabuf *out_data; - -- conn->server = !!server; -- - /* - * Give TLS handshake data from the server (if available) to OpenSSL - * for processing. --- -1.9.0 - Modified: PKGBUILD =================================================================== --- PKGBUILD 2014-07-04 17:10:14 UTC (rev 216497) +++ PKGBUILD 2014-07-04 17:39:36 UTC (rev 216498) @@ -2,8 +2,8 @@ # Maintainer: Thomas Bächler <[email protected]> pkgname=wpa_supplicant -pkgver=2.1 -pkgrel=3 +pkgver=2.2 +pkgrel=1 pkgdesc="A utility providing key negotiation for WPA wireless networks" url="http://hostap.epitest.fi/wpa_supplicant"; arch=('i686' 'x86_64') @@ -12,17 +12,12 @@ license=('GPL') backup=('etc/wpa_supplicant/wpa_supplicant.conf') source=("http://w1.fi/releases/${pkgname}-${pkgver}.tar.gz"; - config - 0001-Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-.patch) -sha256sums=('91632e7e3b49a340ce408e2f978a93546a697383abf2e5a60f146faae9e1b277' - '522b1e2b330bd3fcb9c3c964b0f05ad197a2f1160741835a47585ea45ba8e0a4' - '3c85fa2cf2465fea86383eece75fa5479507a174da6f0cd09e691fbaaca03c74') + config) +sha256sums=('e0d8b8fd68a659636eaba246bb2caacbf53d22d53b2b6b90eb4b4fef0993c8ed' + '3ad2d74d0273ec22cea9000773a773e3b87eef714fa6c2cd4ed37ebe46a10221') prepare() { - cd "${srcdir}/${pkgname}-${pkgver}/" - patch -p1 -i "${srcdir}"/0001-Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-.patch - - cd "${pkgname}/" + cd "${srcdir}/${pkgname}-${pkgver}/${pkgname}/" cp "${srcdir}/config" ./.config } Modified: config =================================================================== --- config 2014-07-04 17:10:14 UTC (rev 216497) +++ config 2014-07-04 17:39:36 UTC (rev 216498) @@ -253,7 +253,7 @@ # main_none = Very basic example (development use only) #CONFIG_MAIN=main -# Select wrapper for operatins system and C library specific functions +# Select wrapper for operating system and C library specific functions # unix = UNIX/POSIX like systems (default) # win32 = Windows systems # none = Empty template @@ -267,6 +267,9 @@ # Should we use poll instead of select? Select is used by default. #CONFIG_ELOOP_POLL=y +# Should we use epoll instead of select? Select is used by default. +CONFIG_ELOOP_EPOLL=y + # Select layer 2 packet implementation # linux = Linux packet socket (default) # pcap = libpcap/libdnet/WinPcap
