authorJouni Malinen <j@w1.fi>2019-07-12 19:29:33 (GMT)
committerJouni Malinen <j@w1.fi>2019-07-12 19:29:33 (GMT)
commit8b57a378081bbc33387c86e994c7d282d413395d (patch)
tree226668fdcf8e02726e2c1d0f3470ae2128a2f450
parent4ff0b909a9dda43b69e2223e3bd112a61f5a6412 (diff)
OpenSSL: disable TLS 1.3 middlebox compatibility
This will hopefully not be needed for EAP-TLS use cases since there should not really be a middlebox that looks at the TLS layer details in case of EAP authentication. Signed-off-by: Jouni Malinen <j@w1.fi>
-rw-r--r--src/crypto/tls_openssl.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index d45543e..39f453d 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1574,6 +1574,11 @@ struct tls_connection * tls_connection_init(void *ssl_ctx)
options |= SSL_OP_NO_COMPRESSION;
#endif /* SSL_OP_NO_COMPRESSION */
SSL_set_options(conn->ssl, options);
+#ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
+ /* Hopefully there is no need for middlebox compatibility mechanisms
+ * when going through EAP authentication. */
+ SSL_clear_options(conn->ssl, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
+#endif
conn->ssl_in = BIO_new(BIO_s_mem());
if (!conn->ssl_in) {
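Review bot: The comment above the added `SSL_clear_options()` call records a hope rather than the reason or the on-the-wire effect, and the clear runs unconditionally for every connection created by tls_connection_init, not only the EAP-TLS case named in the commit message. Clearing this option changes the TLS 1.3 handshake the peer sees (no compatibility ChangeCipherSpec record and, as far as I know, an empty legacy session ID), so the comment should say that for whoever later debugs an interoperability failure with a peer or authentication server. I would reword it to something like `/* TLS is carried inside EAP, so no on-path middlebox inspects the handshake; drop the TLS 1.3 compat CCS/session ID. */`. The closing line should also match the neighbouring guard style, `#endif /* SSL_OP_ENABLE_MIDDLEBOX_COMPAT */`. The function body starts and continues outside this hunk, so whether any caller needs the compatibility mode cannot be judged from here.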