Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-01-31 09:14:03 -05:00
Code Issues Projects Releases Wiki Activity

OpenSSL: Skip SSL_OP_NO_TLSv1_3 if not defined to fix LibreSSL build

Browse Source 
LibreSSL v2.7 claims an OPENSSL_VERSION_NUMBER value that would indicate
that SSL_OP_NO_TLSv1_3 is available, but that does not seem to be the
case with LibreSSL. As such, skip this step based on whether
SSL_OP_NO_TLSv1_3 is defined to avoid build issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2018-04-14 23:48:42 +03:00
parent ba3658cfff
commit dee566d98e
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/crypto/tls_openssl.c
View File

@ -4352,6 +4352,7 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
} }
#endif #endif
#if OPENSSL_VERSION_NUMBER >= 0x10101000L #if OPENSSL_VERSION_NUMBER >= 0x10101000L
#ifdef SSL_OP_NO_TLSv1_3
if (params->flags & TLS_CONN_EAP_FAST) { if (params->flags & TLS_CONN_EAP_FAST) {
/* Need to disable TLS v1.3 at least for now since OpenSSL 1.1.1 /* Need to disable TLS v1.3 at least for now since OpenSSL 1.1.1
* refuses to start the handshake with the modified ciphersuite * refuses to start the handshake with the modified ciphersuite
@ -4359,6 +4360,7 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
wpa_printf(MSG_DEBUG, "OpenSSL: Disable TLSv1.3 for EAP-FAST"); wpa_printf(MSG_DEBUG, "OpenSSL: Disable TLSv1.3 for EAP-FAST");
SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_3); SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_3);
} }
#endif /* SSL_OP_NO_TLSv1_3 */
#endif #endif
#endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */