From b9dc63c261ffc32915eda403812fac11c20cb431 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Fri, 17 Nov 2017 20:30:37 +0200 Subject: [PATCH] BoringSSL: Comment out SSL_set1_sigalgs_list() call It looks like BoringSSL claims to have OPENSSL_VERSION_NUMBER for a 1.1.0 version, but it does not provide SSL_set1_sigalgs_list(). For now, comment out this regardless of the version BoringSSL claims to be. Signed-off-by: Jouni Malinen --- src/crypto/tls_openssl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index beca18d29..3f024840c 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -2499,12 +2499,14 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags) EC_KEY_free(ecdh); } if (flags & (TLS_CONN_SUITEB | TLS_CONN_SUITEB_NO_ECDH)) { +#ifndef OPENSSL_IS_BORINGSSL /* ECDSA+SHA384 if need to add EC support here */ if (SSL_set1_sigalgs_list(ssl, "RSA+SHA384") != 1) { wpa_printf(MSG_INFO, "OpenSSL: Failed to set Suite B sigalgs"); return -1; } +#endif /* OPENSSL_IS_BORINGSSL */ SSL_set_options(ssl, SSL_OP_NO_TLSv1); SSL_set_options(ssl, SSL_OP_NO_TLSv1_1);