OpenSSL: Fix client certificate chain building after PKCS#12 use

If wpa_supplicant was first configured with PKCS #12 -based client
certificate chain and then used with another network profile that used a
different certificate chain from a X.509 certificate PEM file instead of
PKCS#12, the extra certificate chain was not reconstructed properly with
older versions of OpenSSL that 1.0.2. This could result in the
authentication failing due to the client certificate chain not being
complete or including incorrect certificates.

Fix this by clearing the extra certificate chain when setting up a new
TLS connection with OpenSSL 1.0.1. This allows OpenSSL to build the
chain using the default mechanism in case the new TLS exchange does not
use PKCS#12.

The following hwsim test case sequence was able to find the issue:
ap_wpa2_eap_tls_pkcs12 ap_wpa2_eap_tls_intermediate_ca_ocsp

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

src/crypto/tls_openssl.c

@@ -2234,6 +2234,17 @@ static int tls_connection_client_cert(struct tls_connection *conn,
 	if (client_cert == NULL && client_cert_blob == NULL)
 		return 0;
 
+#ifdef PKCS12_FUNCS
+#if OPENSSL_VERSION_NUMBER < 0x10002000L
+	/*
+	 * Clear previously set extra chain certificates, if any, from PKCS#12
+	 * processing in tls_parse_pkcs12() to allow OpenSSL to build a new
+	 * chain properly.
+	 */
+	SSL_CTX_clear_extra_chain_certs(conn->ssl_ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10002000L */
+#endif /* PKCS12_FUNCS */
+
 	if (client_cert_blob &&
 	    SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
 				     client_cert_blob_len) == 1) {