[arch-commits] Commit in wpa_supplicant/trunk (3 files)
Anatol Pomozov
anatolik at nymeria.archlinux.org
Fri Jul 4 17:39:36 UTC 2014
Date: Friday, July 4, 2014 @ 19:39:36
Author: anatolik
Revision: 216498
upgpkg: wpa_supplicant 2.2-1
Modified:
wpa_supplicant/trunk/PKGBUILD
wpa_supplicant/trunk/config
Deleted:
wpa_supplicant/trunk/0001-Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-.patch
-----------------------------------------------------------------+
0001-Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-.patch | 74 ----------
PKGBUILD | 17 --
config | 5
3 files changed, 10 insertions(+), 86 deletions(-)
Deleted: 0001-Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-.patch
===================================================================
--- 0001-Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-.patch 2014-07-04 17:10:14 UTC (rev 216497)
+++ 0001-Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-.patch 2014-07-04 17:39:36 UTC (rev 216498)
@@ -1,74 +0,0 @@
-From b62d5b5450101676a0c05691b4bcd94e11426397 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j at w1.fi>
-Date: Wed, 19 Feb 2014 11:56:02 +0200
-Subject: [PATCH] Revert "OpenSSL: Do not accept SSL Client certificate for
- server"
-
-This reverts commit 51e3eafb68e15e78e98ca955704be8a6c3a7b304. There are
-too many deployed AAA servers that include both id-kp-clientAuth and
-id-kp-serverAuth EKUs for this change to be acceptable as a generic rule
-for AAA authentication server validation. OpenSSL enforces the policy of
-not connecting if only id-kp-clientAuth is included. If a valid EKU is
-listed with it, the connection needs to be accepted.
-
-Signed-off-by: Jouni Malinen <j at w1.fi>
----
- src/crypto/tls.h | 3 +--
- src/crypto/tls_openssl.c | 13 -------------
- 2 files changed, 1 insertion(+), 15 deletions(-)
-
-diff --git a/src/crypto/tls.h b/src/crypto/tls.h
-index 287fd33..feba13f 100644
---- a/src/crypto/tls.h
-+++ b/src/crypto/tls.h
-@@ -41,8 +41,7 @@ enum tls_fail_reason {
- TLS_FAIL_ALTSUBJECT_MISMATCH = 6,
- TLS_FAIL_BAD_CERTIFICATE = 7,
- TLS_FAIL_SERVER_CHAIN_PROBE = 8,
-- TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9,
-- TLS_FAIL_SERVER_USED_CLIENT_CERT = 10
-+ TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9
- };
-
- union tls_event_data {
-diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
-index a13fa38..8cf1de8 100644
---- a/src/crypto/tls_openssl.c
-+++ b/src/crypto/tls_openssl.c
-@@ -105,7 +105,6 @@ struct tls_connection {
- unsigned int ca_cert_verify:1;
- unsigned int cert_probe:1;
- unsigned int server_cert_only:1;
-- unsigned int server:1;
-
- u8 srv_cert_hash[32];
-
-@@ -1480,16 +1479,6 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
- TLS_FAIL_SERVER_CHAIN_PROBE);
- }
-
-- if (!conn->server && err_cert && preverify_ok && depth == 0 &&
-- (err_cert->ex_flags & EXFLAG_XKUSAGE) &&
-- (err_cert->ex_xkusage & XKU_SSL_CLIENT)) {
-- wpa_printf(MSG_WARNING, "TLS: Server used client certificate");
-- openssl_tls_fail_event(conn, err_cert, err, depth, buf,
-- "Server used client certificate",
-- TLS_FAIL_SERVER_USED_CLIENT_CERT);
-- preverify_ok = 0;
-- }
--
- if (preverify_ok && context->event_cb != NULL)
- context->event_cb(context->cb_ctx,
- TLS_CERT_CHAIN_SUCCESS, NULL);
-@@ -2541,8 +2530,6 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
- int res;
- struct wpabuf *out_data;
-
-- conn->server = !!server;
--
- /*
- * Give TLS handshake data from the server (if available) to OpenSSL
- * for processing.
---
-1.9.0
-
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-07-04 17:10:14 UTC (rev 216497)
+++ PKGBUILD 2014-07-04 17:39:36 UTC (rev 216498)
@@ -2,8 +2,8 @@
# Maintainer: Thomas Bächler <thomas at archlinux.org>
pkgname=wpa_supplicant
-pkgver=2.1
-pkgrel=3
+pkgver=2.2
+pkgrel=1
pkgdesc="A utility providing key negotiation for WPA wireless networks"
url="http://hostap.epitest.fi/wpa_supplicant"
arch=('i686' 'x86_64')
@@ -12,17 +12,12 @@
license=('GPL')
backup=('etc/wpa_supplicant/wpa_supplicant.conf')
source=("http://w1.fi/releases/${pkgname}-${pkgver}.tar.gz"
- config
- 0001-Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-.patch)
-sha256sums=('91632e7e3b49a340ce408e2f978a93546a697383abf2e5a60f146faae9e1b277'
- '522b1e2b330bd3fcb9c3c964b0f05ad197a2f1160741835a47585ea45ba8e0a4'
- '3c85fa2cf2465fea86383eece75fa5479507a174da6f0cd09e691fbaaca03c74')
+ config)
+sha256sums=('e0d8b8fd68a659636eaba246bb2caacbf53d22d53b2b6b90eb4b4fef0993c8ed'
+ '3ad2d74d0273ec22cea9000773a773e3b87eef714fa6c2cd4ed37ebe46a10221')
prepare() {
- cd "${srcdir}/${pkgname}-${pkgver}/"
- patch -p1 -i "${srcdir}"/0001-Revert-OpenSSL-Do-not-accept-SSL-Client-certificate-.patch
-
- cd "${pkgname}/"
+ cd "${srcdir}/${pkgname}-${pkgver}/${pkgname}/"
cp "${srcdir}/config" ./.config
}
Modified: config
===================================================================
--- config 2014-07-04 17:10:14 UTC (rev 216497)
+++ config 2014-07-04 17:39:36 UTC (rev 216498)
@@ -253,7 +253,7 @@
# main_none = Very basic example (development use only)
#CONFIG_MAIN=main
-# Select wrapper for operatins system and C library specific functions
+# Select wrapper for operating system and C library specific functions
# unix = UNIX/POSIX like systems (default)
# win32 = Windows systems
# none = Empty template
@@ -267,6 +267,9 @@
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
+# Should we use epoll instead of select? Select is used by default.
+CONFIG_ELOOP_EPOLL=y
+
# Select layer 2 packet implementation
# linux = Linux packet socket (default)
# pcap = libpcap/libdnet/WinPcap
More information about the arch-commits
mailing list