aboutsummaryrefslogtreecommitdiffstats
path: root/hs20
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2015-10-09 21:07:32 (GMT)
committerJouni Malinen <j@w1.fi>2015-10-09 21:07:32 (GMT)
commit63d9bf81aba9613937652a12f5d6c7b394de8003 (patch)
tree50487fc27a55307e919ea79f6a4c3a6ca4b431aa /hs20
parentcc2994024d859ecf60a48e81723e9b5838012dd3 (diff)
downloadhostap-63d9bf81aba9613937652a12f5d6c7b394de8003.zip
hostap-63d9bf81aba9613937652a12f5d6c7b394de8003.tar.gz
hostap-63d9bf81aba9613937652a12f5d6c7b394de8003.tar.bz2
hs20-osu-client: Disable EST with BoringSSL to fix build
BoringSSL has dropped OpenSSL functionality that was used in the EST implementation. For now, disable EST with BoringSSL to allow hs20-osu-client to be built. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'hs20')
-rw-r--r--hs20/client/est.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/hs20/client/est.c b/hs20/client/est.c
index ec05bc4..c22d9ca 100644
--- a/hs20/client/est.c
+++ b/hs20/client/est.c
@@ -27,6 +27,11 @@
static int pkcs7_to_cert(struct hs20_osu_client *ctx, const u8 *pkcs7,
size_t len, char *pem_file, char *der_file)
{
+#ifdef OPENSSL_IS_BORINGSSL
+ wpa_printf(MSG_ERROR,
+ "EST: pkcs7_to_cert not yet supported with BoringSSL");
+ return -1;
+#else /* OPENSSL_IS_BORINGSSL */
PKCS7 *p7 = NULL;
const unsigned char *p = pkcs7;
STACK_OF(X509) *certs;
@@ -89,6 +94,7 @@ fail:
BIO_free_all(out);
return ret;
+#endif /* OPENSSL_IS_BORINGSSL */
}
@@ -216,6 +222,8 @@ ASN1_CHOICE(CsrAttrs) = {
IMPLEMENT_ASN1_FUNCTIONS(CsrAttrs);
+#ifndef OPENSSL_IS_BORINGSSL
+
static void add_csrattrs_oid(struct hs20_osu_client *ctx, ASN1_OBJECT *oid,
STACK_OF(X509_EXTENSION) *exts)
{
@@ -324,11 +332,18 @@ static void add_csrattrs(struct hs20_osu_client *ctx, CsrAttrs *csrattrs,
}
}
+#endif /* OPENSSL_IS_BORINGSSL */
+
static int generate_csr(struct hs20_osu_client *ctx, char *key_pem,
char *csr_pem, char *est_req, char *old_cert,
CsrAttrs *csrattrs)
{
+#ifdef OPENSSL_IS_BORINGSSL
+ wpa_printf(MSG_ERROR,
+ "EST: CSR generation not yet supported with BoringSSL");
+ return -1;
+#else /* OPENSSL_IS_BORINGSSL */
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
RSA *rsa;
@@ -535,6 +550,7 @@ fail:
if (pctx)
EVP_PKEY_CTX_free(pctx);
return ret;
+#endif /* OPENSSL_IS_BORINGSSL */
}