Tuesday, October 03, 2023

Re: Support for TLS 1.0 in recent wpa_supplicant builds

On 2023/10/03 21:15, Stuart Henderson wrote:
> On 2023/10/03 19:17, haywirrr wrote:
> > It would seem that the latest snapshot version of wpa_supplicant was
> > compiled using a version of LibreSSL that does not support TLS 1.0.
> > While this doesn't surprise me, my ISP requires 802.1X authentication
> > and only TLS 1.0 is available.
> >
> > I attempted to build wpa_supplicant from ports using LibreSSL 3.7.3
> > but I am running into build errors along the way. I am hoping that
> > someone may be able to point me in the right direction in terms of
> > the correct compilation flags, or perhaps suggest a different 802.1X
> > client.
>
> OpenBSD only uses the standard version of LibreSSL from the base
> OS, which no longer allows setting TLS 1.0 or 1.1.
>
> You could try this, which allows building with OpenSSL instead.
> Set "FLAVOR=openssl" on the command line when building (e.g.
> 'pkg_delete wpa_supplicant; FLAVOR=openssl make install').

oops, rpath also needed, new diff

Index: Makefile
===================================================================
RCS file: /cvs/ports/security/wpa_supplicant/Makefile,v
retrieving revision 1.53
diff -u -p -r1.53 Makefile
--- Makefile 27 Sep 2023 16:34:38 -0000 1.53
+++ Makefile 3 Oct 2023 20:48:14 -0000
@@ -1,7 +1,7 @@
COMMENT= IEEE 802.1X supplicant

DISTNAME= wpa_supplicant-2.9
-REVISION= 2
+REVISION= 3
CATEGORIES= security net

HOMEPAGE= https://w1.fi/wpa_supplicant/
@@ -9,7 +9,7 @@ HOMEPAGE= https://w1.fi/wpa_supplicant/
# BSD
PERMIT_PACKAGE= Yes

-WANTLIB += c ssl crypto pcap pcsclite pthread
+WANTLIB += c pcap pcsclite pthread

LIB_DEPENDS= security/pcsc-lite

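Review bot: Removing `ssl crypto` from the unconditional WANTLIB line here splits the library dependencies across the Makefile: the base `crypto ssl` entries now come only from the `.else` branch that the next hunk adds below MAKE_ENV. Consider placing the flavor block next to this WANTLIB/LIB_DEPENDS group, so a reader checking the port's library dependencies sees both variants in one place.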
@@ -18,7 +18,24 @@ SITES= https://w1.fi/releases/
USE_GMAKE= Yes
NO_TEST= Yes
MAKE_FLAGS= V=1
-MAKE_ENV= CFLAGS="${CFLAGS}" CC="${CC}"
+MAKE_ENV= CC="${CC}" \
+ CFLAGS="${CFLAGS}" \
+ LIBS="-L${LOCALBASE}/lib ${LIBS}"
+
+FLAVORS= openssl
+FLAVOR?=
+
+CFLAGS+= -I${LOCALBASE}/include/PCSC
+
+.if ${FLAVOR:Mopenssl}
+LIB_DEPENDS += security/openssl/3.1
+CFLAGS += -Wno-deprecated-declarations -I${LOCALBASE}/include/eopenssl31
+LIBS += -Wl,-rpath ${LOCALBASE}/lib/eopenssl31 -L${LOCALBASE}/lib/eopenssl31
+# -lssl -lcrypto
+WANTLIB += lib/eopenssl31/crypto lib/eopenssl31/ssl
+.else
+WANTLIB += crypto ssl
+.endif

WRKSRC= ${WRKDIST}/wpa_supplicant

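Review bot: In the new MAKE_ENV, `LIBS="-L${LOCALBASE}/lib ${LIBS}"` puts `-L${LOCALBASE}/lib` ahead of the flavor's `-L${LOCALBASE}/lib/eopenssl31`, so with FLAVOR=openssl the linker searches the generic directory first. Moving the flavor path to the front (or appending `-L${LOCALBASE}/lib` after `${LIBS}`) makes it explicit which libssl/libcrypto is meant to win. The commented-out `# -lssl -lcrypto` line inside the `.if ${FLAVOR:Mopenssl}` block looks like a leftover and should be dropped or explained. A one-line comment above `FLAVORS= openssl` saying why the flavor exists would also help, since `-Wno-deprecated-declarations` silences deprecation warnings for that whole build without stating the reason.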