[Pkg-openssl-devel] Bug#883025: Bug#883025: Breaks wpa_supplicant on WPA-Enterprise networks

Kurt Roeckx kurt at roeckx.be
Tue Nov 28 23:36:56 UTC 2017


On Tue, Nov 28, 2017 at 03:15:06PM -0800, Josh Triplett wrote:
> On Wed, Nov 29, 2017 at 12:05:35AM +0100, Kurt Roeckx wrote:
> > On Tue, Nov 28, 2017 at 02:12:07PM -0800, Josh Triplett wrote:
> > > Package: libssl1.1
> > > Version: 1.1.0g-2
> > > Severity: important
> > > Tags: upstream
> > > 
> > > See https://github.com/openssl/openssl/issues/3594 ; current OpenSSL
> > > breaks compatibility with the hook mechanism that wpa_supplicant used to
> > > provide the passphrase for PEM keys. The net result is this:
> > 
> > My understanding from reading that bug is that wpa supplicant
> > would fix it?
> 
> wpasupplicant can't necessarily fix this upstream, because the fix would
> break on older OpenSSL. However, Debian could potentially patch
> wpasupplicant if we're only ever going to build against the newer
> OpenSSL.

As far as I understand it, upstream wpa could do two things:
- Set it in the SSL_CTX before creating the SSL instead of after
- Set it it both the SSL_CTX and SSL


Kurt



More information about the Pkg-openssl-devel mailing list