author | Andrew Shadura <andrew.shadura@collabora.co.uk> | 2017-11-28 19:54:04 +0100 |
---|---|---|
committer | Andrew Shadura <andrew.shadura@collabora.co.uk> | 2017-11-29 08:57:10 +0100 |
commit | d576a7a1fbb187e8998f709b32fa679e56495a1a (patch) | |
tree | c22e717d551b7e4a41228373d2588e3b6ff5cf14 /debian | |
parent | bdab80f99ed000b7d7a4150f06d044a9222aa876 (diff) |
Unbreak EAP-TLS.
wpa_supplicant[3208]: Enter PEM pass phrase:
wpa_supplicant[3208]: OpenSSL: tls_read_pkcs12 - Failed to use PKCS#12 file error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
wpa_supplicant[3208]: OpenSSL: pending error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error
wpa_supplicant[3208]: OpenSSL: tls_connection_private_key - Failed to load private key error:00000000:lib(0):func(0):reason(0)
wpa_supplicant[3208]: TLS: Failed to load private key '/home/me/.certs/some_key.pem'
wpa_supplicant[3208]: TLS: Failed to set TLS connection parameters
Arch Linux bug: https://bugs.archlinux.org/task/54233
OpenSSL issue: https://github.com/openssl/openssl/issues/3594
Thanks: Dmitry Borodaenko <angdraug@debian.org>
Gbp-Dch: short
Diffstat (limited to 'debian')
-rw-r--r-- | debian/patches/fix-pem-decryption.patch | 29 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 30 insertions, 0 deletions
diff --git a/debian/patches/fix-pem-decryption.patch b/debian/patches/fix-pem-decryption.patch new file mode 100644 index 0000000..9b90736 --- /dev/null +++ b/debian/patches/fix-pem-decryption.patch @@ -0,0 +1,29 @@ +From: Lukasz Siudut <lsiudut@gmail.com> +Date: Fri, 2 Jun 2017 11:29:58 +0100 + +This patch fixes this is semi-proper way that should be compatible with both +older versions of OpenSSH and newer one. Basically I'm doing what @mattcaswell +suggested here: +https://github.com/openssl/openssl/issues/3594#issuecomment-305493300 - +calling both SSL_CTX_() functions and the SSL_() functions. Works for me, +would be nice to get feedback from bigger group of testers. + +--- a/src/crypto/tls_openssl.c 2016-10-02 19:51:11.000000000 +0100 ++++ b/src/crypto/tls_openssl.c 2017-06-02 11:17:37.303222333 +0100 +@@ -2779,6 +2779,8 @@ + } else + passwd = NULL; + ++ SSL_set_default_passwd_cb(conn->ssl, tls_passwd_cb); ++ SSL_set_default_passwd_cb_userdata(conn->ssl, passwd); + SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); + SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); + +@@ -2869,6 +2871,7 @@ + return -1; + } + ERR_clear_error(); ++ SSL_set_default_passwd_cb(conn->ssl, NULL); + SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); + os_free(passwd); + diff --git a/debian/patches/series b/debian/patches/series index b72b558..69d62cc 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -22,3 +22,4 @@ VU-228519/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch VU-228519/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch VU-228519/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch wpa_disable_eapol_key_retries.patch +fix-pem-decryption.patch |
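Review bot: The header of debian/patches/fix-pem-decryption.patch says "older versions of OpenSSH" where the rest of the description, the linked issue and the patched file (src/crypto/tls_openssl.c) all concern OpenSSL, and it carries no machine-readable provenance. Correct the library name and add DEP-3 fields such as `Origin:`, `Bug:` and `Forwarded:`, pointing at the OpenSSL issue and Arch Linux bug already cited in the commit message, so the patch can be traced and dropped once upstream carries a fix.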
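Review bot: The two calls added in the `@@ -2779,6 +2779,8 @@` hunk, `SSL_set_default_passwd_cb(conn->ssl, tls_passwd_cb)` and `SSL_set_default_passwd_cb_userdata(conn->ssl, passwd)`, are unconditional, but these per-connection functions were only added in OpenSSL 1.1.0, so the file would not compile against 1.0.x despite the description's claim of compatibility with older versions. Wrap them, and the matching reset in the next hunk, in `#if OPENSSL_VERSION_NUMBER >= 0x10100000L`, leaving the existing `SSL_CTX_*` calls as the path for older libraries.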
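Review bot: In the `@@ -2869,6 +2871,7 @@` hunk only the callback is reset on `conn->ssl`; the userdata pointer installed by the first hunk still refers to `passwd`, which `os_free(passwd)` releases two lines later, so the SSL object keeps a pointer to freed memory that held the private-key passphrase. Add `SSL_set_default_passwd_cb_userdata(conn->ssl, NULL);` next to the new reset. The `return -1;` visible in the context above `ERR_clear_error()` sits before the reset, so check that the failure path also clears the per-connection callback and userdata.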