aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2018-04-14 20:48:42 (GMT)
committerJouni Malinen <j@w1.fi>2018-04-14 21:01:35 (GMT)
commitdee566d98e85e00b917d3eff42cd7e969de089cc (patch)
treea380cf16ca5a1d59d5a2e1f5de92b37adea491d4
parentba3658cfff2278bc2ba24c32773962b37648d0b2 (diff)
downloadhostap-dee566d98e85e00b917d3eff42cd7e969de089cc.zip
hostap-dee566d98e85e00b917d3eff42cd7e969de089cc.tar.gz
hostap-dee566d98e85e00b917d3eff42cd7e969de089cc.tar.bz2
OpenSSL: Skip SSL_OP_NO_TLSv1_3 if not defined to fix LibreSSL build
LibreSSL v2.7 claims an OPENSSL_VERSION_NUMBER value that would indicate that SSL_OP_NO_TLSv1_3 is available, but that does not seem to be the case with LibreSSL. As such, skip this step based on whether SSL_OP_NO_TLSv1_3 is defined to avoid build issues. Signed-off-by: Jouni Malinen <j@w1.fi>
-rw-r--r--src/crypto/tls_openssl.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index fa30940..dd8022c 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -4352,6 +4352,7 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
}
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+#ifdef SSL_OP_NO_TLSv1_3
if (params->flags & TLS_CONN_EAP_FAST) {
/* Need to disable TLS v1.3 at least for now since OpenSSL 1.1.1
* refuses to start the handshake with the modified ciphersuite
@@ -4359,6 +4360,7 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
wpa_printf(MSG_DEBUG, "OpenSSL: Disable TLSv1.3 for EAP-FAST");
SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_3);
}
+#endif /* SSL_OP_NO_TLSv1_3 */
#endif
#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */