From 226cdea6cae3e88697ffcac13e143f27d2a70dfc Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Mon, 17 Aug 2015 21:34:11 +0300 Subject: [PATCH] BoringSSL: Comment out SSL_build_cert_chain() call It looks like BoringSSL does include that function even though it claims support for OPENSSL_VERSION_NUMBER where this is available (1.0.2). For now, comment out that call to fix build. Signed-off-by: Jouni Malinen --- src/crypto/tls_openssl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index 22e9abbb1..5daf9ff22 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -2125,6 +2125,7 @@ static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12, } } sk_X509_free(certs); +#ifndef OPENSSL_IS_BORINGSSL res = SSL_build_cert_chain(ssl, SSL_BUILD_CHAIN_FLAG_CHECK | SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR); @@ -2135,6 +2136,7 @@ static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12, wpa_printf(MSG_DEBUG, "TLS: Ignore certificate chain verification error when building chain with PKCS#12 extra certificates"); } +#endif /* OPENSSL_IS_BORINGSSL */ /* * Try to continue regardless of result since it is possible for * the extra certificates not to be required.