OpenSSL: Fix TLS_CONN_TEAP_ANON_DH build with some library versions
The OPENSSL_VERSION_NUMBER ifdef block left out the local variable that
is needed with all versions. In addition, SSL_set_security_level() is
not available with LibreSSL or BoringSSL.
Fixes: 3ec65a8e38
("OpenSSL: Allow anon-DH cipher suites to be added for TEAP")
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
20f1cfc5b2
commit
7456cf57d3
1 changed files with 4 additions and 1 deletions
|
@ -3096,7 +3096,6 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
|
|||
#endif /* CONFIG_SUITEB */
|
||||
|
||||
if (flags & TLS_CONN_TEAP_ANON_DH) {
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
#ifndef TEAP_DH_ANON_CS
|
||||
#define TEAP_DH_ANON_CS \
|
||||
"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:" \
|
||||
|
@ -3109,6 +3108,10 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
|
|||
"ADH-AES256-SHA256:ADH-AES128-SHA256:ADH-AES256-SHA:ADH-AES128-SHA"
|
||||
#endif
|
||||
static const char *cs = TEAP_DH_ANON_CS;
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
|
||||
!defined(LIBRESSL_VERSION_NUMBER) && \
|
||||
!defined(OPENSSL_IS_BORINGSSL)
|
||||
/*
|
||||
* Need to drop to security level 0 to allow anonymous
|
||||
* cipher suites for EAP-TEAP.
|
||||
|
|
Loading…
Reference in a new issue