aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2019-07-13 19:36:07 (GMT)
committerJouni Malinen <j@w1.fi>2019-07-13 19:49:22 (GMT)
commit7456cf57d35df8301e39a956ba2f778ba92e815f (patch)
tree5a3ed263cbdcbb70c66ec1ba9a67d7788c5e12e1
parent20f1cfc5b295a08896f948e8abc70d6a2b69e59d (diff)
downloadhostap-7456cf57d35df8301e39a956ba2f778ba92e815f.zip
hostap-7456cf57d35df8301e39a956ba2f778ba92e815f.tar.gz
hostap-7456cf57d35df8301e39a956ba2f778ba92e815f.tar.bz2
OpenSSL: Fix TLS_CONN_TEAP_ANON_DH build with some library versions
The OPENSSL_VERSION_NUMBER ifdef block left out the local variable that is needed with all versions. In addition, SSL_set_security_level() is not available with LibreSSL or BoringSSL. Fixes: 3ec65a8e38a0 ("OpenSSL: Allow anon-DH cipher suites to be added for TEAP") Signed-off-by: Jouni Malinen <j@w1.fi>
-rw-r--r--src/crypto/tls_openssl.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 9013339..d58cb82 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -3096,7 +3096,6 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
#endif /* CONFIG_SUITEB */
if (flags & TLS_CONN_TEAP_ANON_DH) {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
#ifndef TEAP_DH_ANON_CS
#define TEAP_DH_ANON_CS \
"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:" \
@@ -3109,6 +3108,10 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
"ADH-AES256-SHA256:ADH-AES128-SHA256:ADH-AES256-SHA:ADH-AES128-SHA"
#endif
static const char *cs = TEAP_DH_ANON_CS;
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
+ !defined(LIBRESSL_VERSION_NUMBER) && \
+ !defined(OPENSSL_IS_BORINGSSL)
/*
* Need to drop to security level 0 to allow anonymous
* cipher suites for EAP-TEAP.