DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

OpenSSL: disable TLS 1.3 middlebox compatibility

Browse source 
This will hopefully not be needed for EAP-TLS use cases since there
should not really be a middlebox that looks at the TLS layer details in
case of EAP authentication.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2019-07-12 22:29:33 +03:00
parent 4ff0b909a9
commit 8b57a37808
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/crypto/tls_openssl.c
View file

@ -1574,6 +1574,11 @@ struct tls_connection * tls_connection_init(void *ssl_ctx)
options |= SSL_OP_NO_COMPRESSION; options |= SSL_OP_NO_COMPRESSION;
#endif /* SSL_OP_NO_COMPRESSION */ #endif /* SSL_OP_NO_COMPRESSION */
SSL_set_options(conn->ssl, options); SSL_set_options(conn->ssl, options);
#ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
/* Hopefully there is no need for middlebox compatibility mechanisms
* when going through EAP authentication. */
SSL_clear_options(conn->ssl, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
#endif
conn->ssl_in = BIO_new(BIO_s_mem()); conn->ssl_in = BIO_new(BIO_s_mem());
if (!conn->ssl_in) { if (!conn->ssl_in) {