| 123456789101112131415161718192021 |
- diff -up wpa_supplicant-2.10/src/crypto/tls_openssl.c.legacy-server-connect wpa_supplicant-2.10/src/crypto/tls_openssl.c
- --- wpa_supplicant-2.10/src/crypto/tls_openssl.c.legacy-server-connect 2022-01-16 15:51:29.000000000 -0500
- +++ wpa_supplicant-2.10/src/crypto/tls_openssl.c 2022-04-28 02:47:26.863529683 -0400
- @@ -1049,6 +1049,16 @@
- SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
- SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
-
- + /* Many enterprise PEAP server implementations (e.g. used in large
- + corporations and universities) do not support RFC5746 secure
- + renegotiation, and starting with OpenSSL 3.0,
- + SSL_OP_LEGACY_SERVER_CONNECT is no longer set as part of SSL_OP_ALL.
- + So until we implement a way to request SSL_OP_LEGACY_SERVER_CONNECT
- + only in EAP peer mode, just set SSL_OP_LEGACY_SERVER_CONNECT
- + globally. */
- +
- + SSL_CTX_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
- +
- SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY);
-
- #ifdef SSL_MODE_NO_AUTO_CHAIN
|
