diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2019-01-04 21:44:44 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2019-01-05 08:59:47 +0100 |
commit | b595b3d8f623b3c668d13768cde5e711a78f6485 (patch) | |
tree | e2f2643de207d72ae3719cae555753e63f16f6f5 /testing/source/wpa_supplicant/patches/allow-tlsv1.patch | |
parent | b66dbcf50c5c89b5d222a9da91ffa5e6b9592891 (diff) | |
download | current-b595b3d8f623b3c668d13768cde5e711a78f6485.tar.gz current-b595b3d8f623b3c668d13768cde5e711a78f6485.tar.xz |
Fri Jan 4 21:44:44 UTC 201920190104214444
a/hwdata-0.319-noarch-1.txz: Upgraded.
d/doxygen-1.8.14-x86_64-3.txz: Upgraded.
Reverted (for now) to avoid segfault in doxygen-1.8.15.
l/libwpg-0.3.3-x86_64-1.txz: Upgraded.
l/libxml2-2.9.9-x86_64-1.txz: Upgraded.
l/libxslt-1.1.33-x86_64-1.txz: Upgraded.
l/python-pillow-5.4.0-x86_64-1.txz: Upgraded.
x/xterm-342-x86_64-1.txz: Upgraded.
testing/packages/wpa_supplicant-2.7-x86_64-3.txz: Rebuilt.
Apply TLSv1 patch from Debian and make some config changes to fix
WPA2-Enterprise. Once we have some testing results on this we'll consider
moving it back into the main tree. Thanks to gablek.
Diffstat (limited to '')
-rw-r--r-- | testing/source/wpa_supplicant/patches/allow-tlsv1.patch | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/testing/source/wpa_supplicant/patches/allow-tlsv1.patch b/testing/source/wpa_supplicant/patches/allow-tlsv1.patch new file mode 100644 index 000000000..eb5fb7818 --- /dev/null +++ b/testing/source/wpa_supplicant/patches/allow-tlsv1.patch @@ -0,0 +1,22 @@ +From: Andrej Shadura <andrewsh@debian.org> +Subject: Enable TLSv1.0 by default + +OpenSSL 1.1.1 disables TLSv1.0 by default and sets the security level to 2. +Some older networks may support for TLSv1.0 and less secure cyphers. + +--- a/src/crypto/tls_openssl.c ++++ b/src/crypto/tls_openssl.c +@@ -988,6 +988,13 @@ + os_free(data); + return NULL; + } ++ ++#ifndef EAP_SERVER_TLS ++ /* Enable TLSv1.0 by default to allow connecting to legacy ++ * networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */ ++ SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION); ++#endif ++ + data->ssl = ssl; + if (conf) + data->tls_session_lifetime = conf->tls_session_lifetime; |