OpenSSL: Fix TLS_CONN_TEAP_ANON_DH build with some library versions
The OPENSSL_VERSION_NUMBER ifdef block left out the local variable that
is needed with all versions. In addition, SSL_set_security_level() is
not available with LibreSSL or BoringSSL.
Fixes: 3ec65a8e38
("OpenSSL: Allow anon-DH cipher suites to be added for TEAP")
Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
20f1cfc5b2
commit
7456cf57d3
1 changed files with 4 additions and 1 deletions
|
@ -3096,7 +3096,6 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
|
||||||
#endif /* CONFIG_SUITEB */
|
#endif /* CONFIG_SUITEB */
|
||||||
|
|
||||||
if (flags & TLS_CONN_TEAP_ANON_DH) {
|
if (flags & TLS_CONN_TEAP_ANON_DH) {
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
||||||
#ifndef TEAP_DH_ANON_CS
|
#ifndef TEAP_DH_ANON_CS
|
||||||
#define TEAP_DH_ANON_CS \
|
#define TEAP_DH_ANON_CS \
|
||||||
"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:" \
|
"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:" \
|
||||||
|
@ -3109,6 +3108,10 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
|
||||||
"ADH-AES256-SHA256:ADH-AES128-SHA256:ADH-AES256-SHA:ADH-AES128-SHA"
|
"ADH-AES256-SHA256:ADH-AES128-SHA256:ADH-AES256-SHA:ADH-AES128-SHA"
|
||||||
#endif
|
#endif
|
||||||
static const char *cs = TEAP_DH_ANON_CS;
|
static const char *cs = TEAP_DH_ANON_CS;
|
||||||
|
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
|
||||||
|
!defined(LIBRESSL_VERSION_NUMBER) && \
|
||||||
|
!defined(OPENSSL_IS_BORINGSSL)
|
||||||
/*
|
/*
|
||||||
* Need to drop to security level 0 to allow anonymous
|
* Need to drop to security level 0 to allow anonymous
|
||||||
* cipher suites for EAP-TEAP.
|
* cipher suites for EAP-TEAP.
|
||||||
|
|
Loading…
Reference in a new issue