I forgot to attach the actual patch, there we go
diff -Nru wpa-2.10/debian/changelog wpa-2.10/debian/changelog
--- wpa-2.10/debian/changelog 2022-04-09 09:28:35.0 +0200
+++ wpa-2.10/debian/changelog 2022-05-05 11:31:26.0 +0200
@@ -1,3 +1,11 @@
+wpa (2:2.10-9) unstable; urgency=medium
+
+ * debian/patches/allow-legacy-renegotiation.patch:
+allow legacy renegotiation to fix PEAP issues with some servers
+(Closes: #1010603)
+
+ -- Sebastien Bacher Thu, 05 May 2022 11:31:26 +0200
+
wpa (2:2.10-8) unstable; urgency=medium
* Pull the defconfig updates from the upstream’s Git.
diff -Nru wpa-2.10/debian/patches/allow-legacy-renegotiation.patch wpa-2.10/debian/patches/allow-legacy-renegotiation.patch
--- wpa-2.10/debian/patches/allow-legacy-renegotiation.patch 1970-01-01 01:00:00.0 +0100
+++ wpa-2.10/debian/patches/allow-legacy-renegotiation.patch 2022-05-05 11:31:26.0 +0200
@@ -0,0 +1,24 @@
+# Description: allow legacy renegotiation to fix PEAP issues with some servers
+# Upstream: http://lists.infradead.org/pipermail/hostap/2022-May/040511.html
+#
+Index: wpa-2.10/src/crypto/tls_openssl.c
+===
+--- wpa-2.10.orig/src/crypto/tls_openssl.c
wpa-2.10/src/crypto/tls_openssl.c
+@@ -1056,6 +1056,16 @@ void * tls_init(const struct tls_config
+ SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
+ SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
+
++ /* Many enterprise PEAP server implementations (e.g. used in large
++ corporations and universities) do not support RFC5746 secure
++ renegotiation, and starting with OpenSSL 3.0,
++ SSL_OP_LEGACY_SERVER_CONNECT is no longer set as part of SSL_OP_ALL.
++ So until we implement a way to request SSL_OP_LEGACY_SERVER_CONNECT
++ only in EAP peer mode, just set SSL_OP_LEGACY_SERVER_CONNECT
++ globally. */
++
++ SSL_CTX_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
++
+ SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+
+ #ifdef SSL_MODE_NO_AUTO_CHAIN
diff -Nru wpa-2.10/debian/patches/series wpa-2.10/debian/patches/series
--- wpa-2.10/debian/patches/series 2022-04-09 09:28:35.0 +0200
+++ wpa-2.10/debian/patches/series 2022-05-05 11:31:26.0 +0200
@@ -7,3 +7,4 @@
manpage-replace-wheel-with-netdev.patch
upstream-fixes/0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch
upstream-fixes/0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch
+allow-legacy-renegotiation.patch