OpenSSL: Remove EAP-FAST TLSv1.0 only workaround for OpenSSL 1.1.0
The issue with the special form of TLS session tickets has been fixed in the OpenSSL 1.1.0 branch, so disable workaround for it. OpenSSL 1.0.1 and 1.0.2 workaround is still in place until a release with the fix has been made. This allows TLSv1.1 and TLSv1.2 to be negotiated for EAP-FAST with the OpenSSL versions that support this. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
9dd21d5183
commit
06836013d3
1 changed files with 2 additions and 0 deletions
|
@ -3631,6 +3631,7 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
|
||||||
if (can_pkcs11 == 2 && !engine_id)
|
if (can_pkcs11 == 2 && !engine_id)
|
||||||
engine_id = "pkcs11";
|
engine_id = "pkcs11";
|
||||||
|
|
||||||
|
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
if (params->flags & TLS_CONN_EAP_FAST) {
|
if (params->flags & TLS_CONN_EAP_FAST) {
|
||||||
wpa_printf(MSG_DEBUG,
|
wpa_printf(MSG_DEBUG,
|
||||||
"OpenSSL: Use TLSv1_method() for EAP-FAST");
|
"OpenSSL: Use TLSv1_method() for EAP-FAST");
|
||||||
|
@ -3640,6 +3641,7 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
while ((err = ERR_get_error())) {
|
while ((err = ERR_get_error())) {
|
||||||
wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
|
wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s",
|
||||||
|
|
Loading…
Reference in a new issue