On 09/01/2019 13:00, Jouni Malinen wrote:
> On Wed, Jan 09, 2019 at 12:18:31PM +0200, Stefan Strogin wrote:
>> When using LibreSSL build fails with:
>>
>> ../src/crypto/tls_openssl.o: in function `tls_connection_client_cert':
>> ../src/crypto/tls_openssl.c:2817: undefined reference to `SSL_use_certificate_chain_file'
>> collect2: error: ld returned 1 exit status
>> make: *** [Makefile:1901: wpa_supplicant] Error 1
>>
>> There is now such function in LibreSSL.
>
> Do you mean "there is no such function" instead of there now being such
> a function? I did not see this in LibreSSL 2.9.0 either.
Oops, sorry, it was a typo. I'll resend the patch. "no such function", of course.
>> @@ -4486,7 +4486,10 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
>> }
>> }
>> #endif
>> -#if OPENSSL_VERSION_NUMBER >= 0x10101000L
>> +#if (!defined(LIBRESSL_VERSION_NUMBER) && \
>> + OPENSSL_VERSION_NUMBER >= 0x10100000L) || \
>> + (defined(LIBRESSL_VERSION_NUMBER) && \
>> + LIBRESSL_VERSION_NUMBER >= 0x20900000L)
>> #ifdef SSL_OP_NO_TLSv1_3
>> if (params->flags & TLS_CONN_EAP_FAST) {
>> /* Need to disable TLS v1.3 at least for now since OpenSSL 1.1.1
>
> But I don't see why this would be needed. That #ifdef SSL_OP_NO_TLSv1_3
> takes care of this without having to make the version check any more
> complex. At least this builds fine for me against LibreSSL 2.8.3.
>
Yes, I see. I'll send v2 without changing this part.
--
Stefan
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
