Hi to all,

I tried to patch wpa_supplicant with the following patch:

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 0d5ebda69..acf0f8b0c 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -988,6 +990,7 @@ void * tls_init(const struct tls_config *conf)
                os_free(data);
                return NULL;
        }
+       SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);
        data->ssl = ssl;
        if (conf)
                data->tls_session_lifetime = conf->tls_session_lifetime;
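
Review bot: the added SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION) call in tls_init() hardcodes the minimum protocol version to TLS 1.0 for every context this function creates, before conf is even consulted, so it overrides whatever minimum the system-wide OpenSSL configuration would otherwise apply and cannot be turned off per network. The return value is also ignored; the function returns 1 on success and 0 on failure, so a failed call would go unnoticed. Consider taking the minimum version from conf (or another explicit opt-in setting) rather than a constant, leaving the library default in place when nothing is configured, and checking the result and logging on failure.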

And without changing the default ssl configuration now wpa_supplicant
works in my environment. Obviously, this can't be a solution.

Which API do you think is better to use:

1) SSL_CONF_cmd_argv
(https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd_argv.html)

2) OPENSSL_config
(https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_config.html)

with (1) we can pass custom ssl configuration to wpa_supplicant, but
this must be integrated with NetworkManager

with (2) we can create a custom configuration file stanza in
/etc/ssl/openssl.cnf

Regards,
Luca
