21 lines
982 B
Diff
21 lines
982 B
Diff
diff -up wpa_supplicant-2.10/src/crypto/tls_openssl.c.legacy-server-connect wpa_supplicant-2.10/src/crypto/tls_openssl.c
|
|
--- wpa_supplicant-2.10/src/crypto/tls_openssl.c.legacy-server-connect 2022-01-16 15:51:29.000000000 -0500
|
|
+++ wpa_supplicant-2.10/src/crypto/tls_openssl.c 2022-04-28 02:47:26.863529683 -0400
|
|
@@ -1049,6 +1049,16 @@
|
|
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
|
|
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
|
|
|
|
+ /* Many enterprise PEAP server implementations (e.g. used in large
|
|
+ corporations and universities) do not support RFC5746 secure
|
|
+ renegotiation, and starting with OpenSSL 3.0,
|
|
+ SSL_OP_LEGACY_SERVER_CONNECT is no longer set as part of SSL_OP_ALL.
|
|
+ So until we implement a way to request SSL_OP_LEGACY_SERVER_CONNECT
|
|
+ only in EAP peer mode, just set SSL_OP_LEGACY_SERVER_CONNECT
|
|
+ globally. */
|
|
+
|
|
+ SSL_CTX_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
|
|
+
|
|
SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY);
|
|
|
|
#ifdef SSL_MODE_NO_AUTO_CHAIN
|