wpa_supplicant/trunk/tls.patch

   1 diff -u -r wpa_supplicant-2.9/src/crypto/tls_openssl.c wpa_supplicant-2.9-tls/src/crypto/tls_openssl.c
   2 --- wpa_supplicant-2.9/src/crypto/tls_openssl.c 2019-08-07 13:25:25.000000000 +0000
   3 +++ wpa_supplicant-2.9-tls/src/crypto/tls_openssl.c     2020-01-22 22:49:12.575598357 +0000
   4 @@ -1035,6 +1035,13 @@
   5                 os_free(data);
   6                 return NULL;
   7         }
   8 +
   9 +#ifndef EAP_SERVER_TLS
  10 +       /* Enable TLSv1.0 by default to allow connecting to legacy
  11 +        * networks since Debian OpenSSL is set to minimum TLSv1.2 and SECLEVEL=2. */
  12 +       SSL_CTX_set_min_proto_version(ssl, TLS1_VERSION);
  13 +#endif
  14 +
  15         data->ssl = ssl;
  16         if (conf) {
  17                 data->tls_session_lifetime = conf->tls_session_lifetime;
  18 @@ -1577,6 +1584,7 @@
  19  #ifdef SSL_OP_NO_COMPRESSION
  20         options |= SSL_OP_NO_COMPRESSION;
  21  #endif /* SSL_OP_NO_COMPRESSION */
  22 +       options |= SSL_OP_NO_TICKET;
  23         SSL_set_options(conn->ssl, options);
  24  #ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
  25         /* Hopefully there is no need for middlebox compatibility mechanisms
  26 Only in wpa_supplicant-2.9-tls/src/crypto: tls_openssl.c.orig