BoringSSL: Comment out SSL_set1_sigalgs_list() call
It looks like BoringSSL claims to have OPENSSL_VERSION_NUMBER for a 1.1.0 version, but it does not provide SSL_set1_sigalgs_list(). For now, comment out this regardless of the version BoringSSL claims to be. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
3cfbd3b0f6
commit
b9dc63c261
1 changed files with 2 additions and 0 deletions
|
|
@ -2499,12 +2499,14 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags)
|
|||
EC_KEY_free(ecdh);
|
||||
}
|
||||
if (flags & (TLS_CONN_SUITEB | TLS_CONN_SUITEB_NO_ECDH)) {
|
||||
#ifndef OPENSSL_IS_BORINGSSL
|
||||
/* ECDSA+SHA384 if need to add EC support here */
|
||||
if (SSL_set1_sigalgs_list(ssl, "RSA+SHA384") != 1) {
|
||||
wpa_printf(MSG_INFO,
|
||||
"OpenSSL: Failed to set Suite B sigalgs");
|
||||
return -1;
|
||||
}
|
||||
#endif /* OPENSSL_IS_BORINGSSL */
|
||||
|
||||
SSL_set_options(ssl, SSL_OP_NO_TLSv1);
|
||||
SSL_set_options(ssl, SSL_OP_NO_TLSv1_1);
|
||||
|
|
|
|||
Loading…
Reference in a new issue