author | Craig Andrews <candrews@gentoo.org> | 2018-12-03 15:21:11 -0500 |
---|---|---|
committer | Rick Farina <zerochaos@gentoo.org> | 2018-12-03 20:39:10 -0500 |
commit | 696f3772a422e25bd62e69d497717985d1fe295d (patch) | |
tree | 642937fd5631d7456fdb9f3332c4de795ace1082 /net-wireless/wpa_supplicant/files | |
parent | sys-cluster/kubectl: Version bump to 1.13.0 (diff) | |
net-wireless/wpa_supplicant: Fix EAP-TLS with OpenSSL 1.1
Closes: https://bugs.gentoo.org/671006
Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Craig Andrews <candrews@gentoo.org>
Signed-off-by: Rick Farina <zerochaos@gentoo.org>
Diffstat (limited to 'net-wireless/wpa_supplicant/files')
-rw-r--r-- | net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch
new file mode 100644
index 000000000000..1e2335f34c06
--- /dev/null
+++ b/net-wireless/wpa_supplicant/files/wpa_supplicant-2.6-openssl-1.1.patch
@@ -0,0 +1,48 @@
+From f665c93e1d28fbab3d9127a8c3985cc32940824f Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Sun, 9 Jul 2017 11:14:10 +0200
+Subject: OpenSSL: Fix private key password handling with OpenSSL >= 1.1.0f
+
+Since OpenSSL version 1.1.0f, SSL_use_PrivateKey_file() uses the
+callback from the SSL object instead of the one from the CTX, so let's
+set the callback on both SSL and CTX. Note that
+SSL_set_default_passwd_cb*() is available only in 1.1.0.
+
+Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
+---
+ src/crypto/tls_openssl.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index fd94eaf..c790b53 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -2796,6 +2796,15 @@ static int tls_connection_private_key(struct tls_data *data,
+ } else
+ passwd = NULL;
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++ /*
++ * In OpenSSL >= 1.1.0f SSL_use_PrivateKey_file() uses the callback
++ * from the SSL object. See OpenSSL commit d61461a75253.
++ */
++ SSL_set_default_passwd_cb(conn->ssl, tls_passwd_cb);
++ SSL_set_default_passwd_cb_userdata(conn->ssl, passwd);
++#endif /* >= 1.1.0f && !LibreSSL */
++ /* Keep these for OpenSSL < 1.1.0f */
+ SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
+ SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
+
+@@ -2886,6 +2895,9 @@ static int tls_connection_private_key(struct tls_data *data,
+ return -1;
+ }
+ ERR_clear_error();
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++ SSL_set_default_passwd_cb(conn->ssl, NULL);
++#endif /* >= 1.1.0f && !LibreSSL */
+ SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
+ os_free(passwd);
+
+--
+cgit v0.12
+ |
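Review bot: In the second inner hunk the cleanup resets only the callback on `conn->ssl`, so the userdata pointer installed earlier by `SSL_set_default_passwd_cb_userdata(conn->ssl, passwd)` still refers to `passwd` after `os_free(passwd)` runs. Adding `SSL_set_default_passwd_cb_userdata(conn->ssl, NULL);` inside the same `#if` block, ahead of the free, would leave no stale pointer to the key passphrase on the SSL object; the unchanged `SSL_CTX_*` context lines appear to have the same gap for `ssl_ctx`. The guard `OPENSSL_VERSION_NUMBER >= 0x10100000L` also matches 1.1.0 through 1.1.0e, so the `#endif /* >= 1.1.0f && !LibreSSL */` comments would read more accurately as `/* >= 1.1.0 && !LibreSSL */`. tls_connection_private_key() begins and ends outside both inner hunks, so whether its other exit paths clear the callback cannot be judged from here.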