Merge branch '3.0' into 3.1
This commit is contained in:
commit
87d75770c4
@ -1,3 +1,3 @@
|
||||
d1b2a1f31cea2c529358d7e73bcda6bd dnsmasq
|
||||
1d654e80888ab5dbba015548fd284d46 dnsmasq-2.70.tar.xz
|
||||
9e2e4d59c75e71ee3ca817ff0f9be69e dnsmasq-2.71.tar.xz
|
||||
7f4f17ceb6c1d5fe7b4eaa213405c472 dnsmasq-config.patch
|
||||
|
@ -3,7 +3,7 @@
|
||||
# Maintainer: Juergen Daubert, jue at crux dot nu
|
||||
|
||||
name=dnsmasq
|
||||
version=2.70
|
||||
version=2.71
|
||||
release=1
|
||||
source=(http://www.thekelleys.org.uk/$name/$name-$version.tar.xz \
|
||||
$name-config.patch dnsmasq)
|
||||
|
@ -1 +1 @@
|
||||
2a067ebb3648434aba24da4aafc4b71e flash-plugin-11.2.202.356-release.x86_64.rpm
|
||||
6650ad4720fb73b2bc65fe19168df0d7 flash-plugin-11.2.202.359-release.x86_64.rpm
|
||||
|
@ -5,7 +5,7 @@
|
||||
# Depends on:
|
||||
|
||||
name=flash-player-plugin
|
||||
version=11.2.202.356
|
||||
version=11.2.202.359
|
||||
release=1
|
||||
source=(http://fpdownload.macromedia.com/get/flashplayer/pdc/$version/flash-plugin-$version-release.x86_64.rpm)
|
||||
|
||||
|
@ -1 +1,2 @@
|
||||
ba6674b926dc30cfca46cf9a6bdacd23 revert-51e3eaf.patch
|
||||
e96b8db5a8171cd17a5b2012d6ad7cc7 wpa_supplicant-2.1.tar.gz
|
||||
|
@ -5,10 +5,13 @@
|
||||
|
||||
name=wpa_supplicant
|
||||
version=2.1
|
||||
release=1
|
||||
source=(http://hostap.epitest.fi/releases/$name-$version.tar.gz)
|
||||
release=2
|
||||
source=(http://hostap.epitest.fi/releases/$name-$version.tar.gz \
|
||||
revert-51e3eaf.patch)
|
||||
|
||||
build () {
|
||||
patch -d $name-$version -p1 -i $SRC/revert-51e3eaf.patch
|
||||
|
||||
cd $name-$version/$name
|
||||
|
||||
cp defconfig .config
|
||||
|
68
wpa_supplicant/revert-51e3eaf.patch
Normal file
68
wpa_supplicant/revert-51e3eaf.patch
Normal file
@ -0,0 +1,68 @@
|
||||
From b62d5b5450101676a0c05691b4bcd94e11426397 Mon Sep 17 00:00:00 2001
|
||||
From: Jouni Malinen <j@w1.fi>
|
||||
Date: Wed, 19 Feb 2014 09:56:02 +0000
|
||||
Subject: Revert "OpenSSL: Do not accept SSL Client certificate for server"
|
||||
|
||||
This reverts commit 51e3eafb68e15e78e98ca955704be8a6c3a7b304. There are
|
||||
too many deployed AAA servers that include both id-kp-clientAuth and
|
||||
id-kp-serverAuth EKUs for this change to be acceptable as a generic rule
|
||||
for AAA authentication server validation. OpenSSL enforces the policy of
|
||||
not connecting if only id-kp-clientAuth is included. If a valid EKU is
|
||||
listed with it, the connection needs to be accepted.
|
||||
|
||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||
---
|
||||
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
|
||||
index 287fd33..feba13f 100644
|
||||
--- a/src/crypto/tls.h
|
||||
+++ b/src/crypto/tls.h
|
||||
@@ -41,8 +41,7 @@ enum tls_fail_reason {
|
||||
TLS_FAIL_ALTSUBJECT_MISMATCH = 6,
|
||||
TLS_FAIL_BAD_CERTIFICATE = 7,
|
||||
TLS_FAIL_SERVER_CHAIN_PROBE = 8,
|
||||
- TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9,
|
||||
- TLS_FAIL_SERVER_USED_CLIENT_CERT = 10
|
||||
+ TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9
|
||||
};
|
||||
|
||||
union tls_event_data {
|
||||
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
|
||||
index a13fa38..8cf1de8 100644
|
||||
--- a/src/crypto/tls_openssl.c
|
||||
+++ b/src/crypto/tls_openssl.c
|
||||
@@ -105,7 +105,6 @@ struct tls_connection {
|
||||
unsigned int ca_cert_verify:1;
|
||||
unsigned int cert_probe:1;
|
||||
unsigned int server_cert_only:1;
|
||||
- unsigned int server:1;
|
||||
|
||||
u8 srv_cert_hash[32];
|
||||
|
||||
@@ -1480,16 +1479,6 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
||||
TLS_FAIL_SERVER_CHAIN_PROBE);
|
||||
}
|
||||
|
||||
- if (!conn->server && err_cert && preverify_ok && depth == 0 &&
|
||||
- (err_cert->ex_flags & EXFLAG_XKUSAGE) &&
|
||||
- (err_cert->ex_xkusage & XKU_SSL_CLIENT)) {
|
||||
- wpa_printf(MSG_WARNING, "TLS: Server used client certificate");
|
||||
- openssl_tls_fail_event(conn, err_cert, err, depth, buf,
|
||||
- "Server used client certificate",
|
||||
- TLS_FAIL_SERVER_USED_CLIENT_CERT);
|
||||
- preverify_ok = 0;
|
||||
- }
|
||||
-
|
||||
if (preverify_ok && context->event_cb != NULL)
|
||||
context->event_cb(context->cb_ctx,
|
||||
TLS_CERT_CHAIN_SUCCESS, NULL);
|
||||
@@ -2541,8 +2530,6 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
|
||||
int res;
|
||||
struct wpabuf *out_data;
|
||||
|
||||
- conn->server = !!server;
|
||||
-
|
||||
/*
|
||||
* Give TLS handshake data from the server (if available) to OpenSSL
|
||||
* for processing.
|
||||
--
|
||||
cgit v0.9.2
|
Loading…
Reference in New Issue
Block a user