upgpkg: sbcl 2.3.1-1
[arch-packages.git] / wpa_supplicant / repos / core-x86_64 / wpa_supplicant-legacy-server-connect.patch
blobf42124dbec6f637173019da28367ed022c70aad1
1 # Patch origin: https://bugzilla.redhat.com/show_bug.cgi?id=2072070#c24
3 diff -up wpa_supplicant-2.10/src/crypto/tls_openssl.c.legacy-server-connect wpa_supplicant-2.10/src/crypto/tls_openssl.c
4 --- wpa_supplicant-2.10/src/crypto/tls_openssl.c.legacy-server-connect 2022-01-16 15:51:29.000000000 -0500
5 +++ wpa_supplicant-2.10/src/crypto/tls_openssl.c 2022-04-28 02:47:26.863529683 -0400
6 @@ -1049,6 +1049,16 @@
7 SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
8 SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
10 + /* Many enterprise PEAP server implementations (e.g. used in large
11 + corporations and universities) do not support RFC5746 secure
12 + renegotiation, and starting with OpenSSL 3.0,
13 + SSL_OP_LEGACY_SERVER_CONNECT is no longer set as part of SSL_OP_ALL.
14 + So until we implement a way to request SSL_OP_LEGACY_SERVER_CONNECT
15 + only in EAP peer mode, just set SSL_OP_LEGACY_SERVER_CONNECT
16 + globally. */
18 + SSL_CTX_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
20 SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY);
22 #ifdef SSL_MODE_NO_AUTO_CHAIN