authorJouni Malinen <jouni@qca.qualcomm.com>2016-12-21 10:23:15 (GMT)
committerJouni Malinen <j@w1.fi>2016-12-21 10:23:15 (GMT)
commitd7f12e4eb9fe1f182dadec79b675c274a2618549 (patch)
tree3376c32bf333525f2eee5413130d3df8819fa3d9
parent4be02b71bb82ac8571f533a9214e7205a398e401 (diff)
OpenSSL: Make sure local certificate auto chaining is enabled
A number of deployed use cases assume that the default OpenSSL behavior of auto chaining the local certificate is in use. BoringSSL removed this functionality by default, so we need to restore it here to avoid breaking existing use cases. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
-rw-r--r--src/crypto/tls_openssl.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 9ca58b3..e274975 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -972,6 +972,14 @@ void * tls_init(const struct tls_config *conf)
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
+#ifdef SSL_MODE_NO_AUTO_CHAIN
+ /* Number of deployed use cases assume the default OpenSSL behavior of
+ * auto chaining the local certificate is in use. BoringSSL removed this
+ * functionality by default, so we need to restore it here to avoid
+ * breaking existing use cases. */
+ SSL_CTX_clear_mode(ssl, SSL_MODE_NO_AUTO_CHAIN);
+#endif /* SSL_MODE_NO_AUTO_CHAIN */
+
SSL_CTX_set_info_callback(ssl, ssl_info_cb);
SSL_CTX_set_app_data(ssl, context);
if (data->tls_session_lifetime > 0) {
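Review bot: The comment added above `SSL_CTX_clear_mode(ssl, SSL_MODE_NO_AUTO_CHAIN)` explains why auto chaining is restored, but not what it implies for the certificates sent to the peer. With the mode cleared, the library completes the local chain from the context's certificate store when no explicit chain is configured. Presumably that is the same store this file loads for peer validation, so intermediates placed there can end up in the handshake. I would extend the comment with a line such as `/* Auto chaining builds the local chain from the SSL_CTX certificate store; configure the chain explicitly where its exact contents matter. */`. The call is unconditional for every context created by tls_init(), whose body starts and ends outside this hunk, so this applies to all users of the wrapper.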