DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

OpenSSL: Make sure local certificate auto chaining is enabled

Browse source 
Number of deployed use cases assume the default OpenSSL behavior of auto
chaining the local certificate is in use. BoringSSL removed this
functionality by default, so we need to restore it here to avoid
breaking existing use cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2016-12-21 12:23:15 +02:00 committed by Jouni Malinen
parent 4be02b71bb
commit d7f12e4eb9
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/crypto/tls_openssl.c
View file

@ -972,6 +972,14 @@ void * tls_init(const struct tls_config *conf)
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2); SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3); SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
#ifdef SSL_MODE_NO_AUTO_CHAIN
/* Number of deployed use cases assume the default OpenSSL behavior of
* auto chaining the local certificate is in use. BoringSSL removed this
* functionality by default, so we need to restore it here to avoid
* breaking existing use cases. */
SSL_CTX_clear_mode(ssl, SSL_MODE_NO_AUTO_CHAIN);
#endif /* SSL_MODE_NO_AUTO_CHAIN */
SSL_CTX_set_info_callback(ssl, ssl_info_cb); SSL_CTX_set_info_callback(ssl, ssl_info_cb);
SSL_CTX_set_app_data(ssl, context); SSL_CTX_set_app_data(ssl, context);
if (data->tls_session_lifetime > 0) { if (data->tls_session_lifetime > 0) {