jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

BoringSSL: Comment out SSL_set1_sigalgs_list() call

Browse source 
It looks like BoringSSL claims to have OPENSSL_VERSION_NUMBER for a
1.1.0 version, but it does not provide SSL_set1_sigalgs_list(). For now,
comment out this regardless of the version BoringSSL claims to be.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2017-11-17 20:30:37 +02:00 committed by Jouni Malinen
parent 3cfbd3b0f6
commit b9dc63c261
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/crypto/tls_openssl.c
View file

@ -2499,12 +2499,14 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags)
EC_KEY_free(ecdh); EC_KEY_free(ecdh);
} }
if (flags & (TLS_CONN_SUITEB | TLS_CONN_SUITEB_NO_ECDH)) { if (flags & (TLS_CONN_SUITEB | TLS_CONN_SUITEB_NO_ECDH)) {
#ifndef OPENSSL_IS_BORINGSSL
/* ECDSA+SHA384 if need to add EC support here */ /* ECDSA+SHA384 if need to add EC support here */
if (SSL_set1_sigalgs_list(ssl, "RSA+SHA384") != 1) { if (SSL_set1_sigalgs_list(ssl, "RSA+SHA384") != 1) {
wpa_printf(MSG_INFO, wpa_printf(MSG_INFO,
"OpenSSL: Failed to set Suite B sigalgs"); "OpenSSL: Failed to set Suite B sigalgs");
return -1; return -1;
} }
#endif /* OPENSSL_IS_BORINGSSL */
SSL_set_options(ssl, SSL_OP_NO_TLSv1); SSL_set_options(ssl, SSL_OP_NO_TLSv1);
SSL_set_options(ssl, SSL_OP_NO_TLSv1_1); SSL_set_options(ssl, SSL_OP_NO_TLSv1_1);