jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

BoringSSL: Comment out SSL_build_cert_chain() call

Browse source 
It looks like BoringSSL does include that function even though it claims
support for OPENSSL_VERSION_NUMBER where this is available (1.0.2). For
now, comment out that call to fix build.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2015-08-17 21:34:11 +03:00 committed by Jouni Malinen
parent 812f28b79c
commit 226cdea6ca
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/crypto/tls_openssl.c
View file

@ -2125,6 +2125,7 @@ static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
} }
} }
sk_X509_free(certs); sk_X509_free(certs);
#ifndef OPENSSL_IS_BORINGSSL
res = SSL_build_cert_chain(ssl, res = SSL_build_cert_chain(ssl,
SSL_BUILD_CHAIN_FLAG_CHECK | SSL_BUILD_CHAIN_FLAG_CHECK |
SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR); SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR);
@ -2135,6 +2136,7 @@ static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"TLS: Ignore certificate chain verification error when building chain with PKCS#12 extra certificates"); "TLS: Ignore certificate chain verification error when building chain with PKCS#12 extra certificates");
} }
#endif /* OPENSSL_IS_BORINGSSL */
/* /*
* Try to continue regardless of result since it is possible for * Try to continue regardless of result since it is possible for
* the extra certificates not to be required. * the extra certificates not to be required.