Re: [PATCH] Fix eapol_test build against OpenSSL 3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sat, Dec 16, 2023 at 5:34 PM Jouni Malinen <j@xxxxx> wrote:
>
> On Wed, Dec 13, 2023 at 12:33:38AM +0100, Jouke Witteveen wrote:
> > eapol_test uses the ENGINE API of OpenSSL, which has been deprecated
> > as of OpenSSL 3. Rather than migrating the code to the new API or
> > pretending that we do not support OpenSSL 3, accept that we use
> > deprecated functionality.
>
> How have you configured the build? Did you explicitly define
> CONFIG_SMARTCARD=y in wpa_supplicant/.config? OpenSSL ENGINE API should
> not be used by default, but it will be used if you explicitly enable
> functionality that needs it. And if that is indeed the case, it would
> seem more reasonable to add this type of workarounds in
> wpa_supplicant/.config when needed.

I took the .config used by my distribution (Arch Linux). Indeed, it
includes CONFIG_SMARTCARD=y.

> > diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
> > @@ -184,7 +184,7 @@ CFLAGS += -DCONFIG_ELOOP_KQUEUE
> >  endif
> >
> >  ifdef CONFIG_EAPOL_TEST
> > -CFLAGS += -Werror -DEAPOL_TEST
> > +CFLAGS += -Werror -Wno-error=deprecated-declarations -DEAPOL_TEST
> >  endif
>
> That does not look like the correct place since this is in no way
> limited to eapol_test. I'd add that in wpa_supplicant/.config instead
> whenever configuring the build to include functionality that needs the
> OpenSSL ENGINE API. This should not be forced to be included for all
> other cases that do not need this.

My patch is based on the Debian packaging patch that disables "-Werror":
https://sources.debian.org/patches/wpa/2:2.10-12/disable-eapol-werror.patch/
This patch is used at least also by Arch Linux.
Wouldn't it make sense to make sure we can build against OpenSSL3 out
of the box? Warnings make sense to me, but requiring people to tweak
their .config for something that we could easily detect automatically
sounds a bit unergonomic to me.

Regards,
- Jouke

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux