BoringSSL: Comment out SSL_set1_sigalgs_list() call

It looks like BoringSSL claims to have OPENSSL_VERSION_NUMBER for a 1.1.0 version, but it does not provide SSL_set1_sigalgs_list(). For now, comment out this regardless of the version BoringSSL claims to be. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-17 20:30:37 +02:00 · 2017-11-17 20:30:37 +02:00 · b9dc63c261
parent 3cfbd3b0f6
commit b9dc63c261
1 changed files with 2 additions and 0 deletions
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@ -2499,12 +2499,14 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags)
 		EC_KEY_free(ecdh);
 	}
 	if (flags & (TLS_CONN_SUITEB | TLS_CONN_SUITEB_NO_ECDH)) {
+#ifndef OPENSSL_IS_BORINGSSL
 		/* ECDSA+SHA384 if need to add EC support here */
 		if (SSL_set1_sigalgs_list(ssl, "RSA+SHA384") != 1) {
 			wpa_printf(MSG_INFO,
 				   "OpenSSL: Failed to set Suite B sigalgs");
 			return -1;
 		}
+#endif /* OPENSSL_IS_BORINGSSL */

 		SSL_set_options(ssl, SSL_OP_NO_TLSv1);
 		SSL_set_options(ssl, SSL_OP_NO_TLSv1_1);