forked from gentoo/gentoo
net-wireless/wpa_supplicant: Fix EAP-TLS with OpenSSL 1.1
Closes: https://bugs.gentoo.org/671006
Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Craig Andrews <[email protected]>
Signed-off-by: Rick Farina <[email protected]>
1 parent 354bf40
commit 696f377
Showing 2 changed files with 508 additions and 0 deletions.
48 changes: 48 additions & 0 deletions
net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
From f665c93e1d28fbab3d9127a8c3985cc32940824f Mon Sep 17 00:00:00 2001 | ||
From: Beniamino Galvani <[email protected]> | ||
Date: Sun, 9 Jul 2017 11:14:10 +0200 | ||
Subject: OpenSSL: Fix private key password handling with OpenSSL >= 1.1.0f | ||
|
||
Since OpenSSL version 1.1.0f, SSL_use_PrivateKey_file() uses the | ||
callback from the SSL object instead of the one from the CTX, so let's | ||
set the callback on both SSL and CTX. Note that | ||
SSL_set_default_passwd_cb*() is available only in 1.1.0. | ||
|
||
Signed-off-by: Beniamino Galvani <[email protected]> | ||
--- | ||
src/crypto/tls_openssl.c | 12 ++++++++++++ | ||
1 file changed, 12 insertions(+) | ||
|
||
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c | ||
index fd94eaf..c790b53 100644 | ||
--- a/src/crypto/tls_openssl.c | ||
+++ b/src/crypto/tls_openssl.c | ||
@@ -2796,6 +2796,15 @@ static int tls_connection_private_key(struct tls_data *data, | ||
} else | ||
passwd = NULL; | ||
|
||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) | ||
+ /* | ||
+ * In OpenSSL >= 1.1.0f SSL_use_PrivateKey_file() uses the callback | ||
+ * from the SSL object. See OpenSSL commit d61461a75253. | ||
+ */ | ||
+ SSL_set_default_passwd_cb(conn->ssl, tls_passwd_cb); | ||
+ SSL_set_default_passwd_cb_userdata(conn->ssl, passwd); | ||
+#endif /* >= 1.1.0f && !LibreSSL */ | ||
+ /* Keep these for OpenSSL < 1.1.0f */ | ||
SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); | ||
SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); | ||
|
||
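Review bot: The block comment and the `#endif /* >= 1.1.0f && !LibreSSL */` comment both say 1.1.0f, but the guard `OPENSSL_VERSION_NUMBER >= 0x10100000L` matches every 1.1.0 release. Per the commit message that is the correct test for when SSL_set_default_passwd_cb*() is available, so keep the condition and change the #endif comment to ">= 1.1.0 && !LibreSSL", with the block comment noting that the call is made from 1.1.0 onward even though the behaviour change arrived in 1.1.0f. Otherwise a later reader may "correct" the constant to match the comment.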
@@ -2886,6 +2895,9 @@ static int tls_connection_private_key(struct tls_data *data, | ||
return -1; | ||
} | ||
ERR_clear_error(); | ||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) | ||
+ SSL_set_default_passwd_cb(conn->ssl, NULL); | ||
+#endif /* >= 1.1.0f && !LibreSSL */ | ||
SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); | ||
os_free(passwd); | ||
|
||
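Review bot: The cleanup after ERR_clear_error() resets the callback with `SSL_set_default_passwd_cb(conn->ssl, NULL)` but not the userdata, so once `os_free(passwd)` runs, conn->ssl still holds the passwd pointer that the earlier hunk installed with SSL_set_default_passwd_cb_userdata(). Add `SSL_set_default_passwd_cb_userdata(conn->ssl, NULL)` inside the same #if block; the ssl_ctx lines visible here have the same gap and could take the matching SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, NULL). The `return -1` path just above is unchanged context in this hunk, so please confirm it also clears the callback and userdata on conn->ssl before passwd is released there. The #endif comment repeats the 1.1.0f wording although the guard tests 1.1.0.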
-- | ||
cgit v0.12 | ||
|