[pkg-wpa-devel] [wpa] 03/04: Unbreak EAP-TLS.

Andrew Shadura andrewsh at debian.org
Thu Nov 30 10:23:15 UTC 2017


This is an automated email from the git hooks/post-receive script.

andrewsh pushed a commit to branch debian/master
in repository wpa.

commit d576a7a1fbb187e8998f709b32fa679e56495a1a
Author: Andrew Shadura <andrew.shadura at collabora.co.uk>
Date:   Tue Nov 28 19:54:04 2017 +0100

    Unbreak EAP-TLS.
    
    wpa_supplicant[3208]: Enter PEM pass phrase:
    wpa_supplicant[3208]: OpenSSL: tls_read_pkcs12 - Failed to use PKCS#12 file error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
    wpa_supplicant[3208]: OpenSSL: pending error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error
    wpa_supplicant[3208]: OpenSSL: tls_connection_private_key - Failed to load private key error:00000000:lib(0):func(0):reason(0)
    wpa_supplicant[3208]: TLS: Failed to load private key '/home/me/.certs/some_key.pem'
    wpa_supplicant[3208]: TLS: Failed to set TLS connection parameters
    
    Arch Linux bug: https://bugs.archlinux.org/task/54233
    OpenSSL issue: https://github.com/openssl/openssl/issues/3594
    
    Thanks: Dmitry Borodaenko <angdraug at debian.org>
    Gbp-Dch: short
---
 debian/patches/fix-pem-decryption.patch | 29 +++++++++++++++++++++++++++++
 debian/patches/series                   |  1 +
 2 files changed, 30 insertions(+)

diff --git a/debian/patches/fix-pem-decryption.patch b/debian/patches/fix-pem-decryption.patch
new file mode 100644
index 0000000..9b90736
--- /dev/null
+++ b/debian/patches/fix-pem-decryption.patch
@@ -0,0 +1,29 @@
+From: Lukasz Siudut <lsiudut at gmail.com>
+Date: Fri, 2 Jun 2017 11:29:58 +0100
+
+This patch fixes this is semi-proper way that should be compatible with both
+older versions of OpenSSH and newer one. Basically I'm doing what @mattcaswell
+suggested here:
+https://github.com/openssl/openssl/issues/3594#issuecomment-305493300 -
+calling both SSL_CTX_() functions and the SSL_() functions. Works for me,
+would be nice to get feedback from bigger group of testers.
+
+--- a/src/crypto/tls_openssl.c	2016-10-02 19:51:11.000000000 +0100
++++ b/src/crypto/tls_openssl.c	2017-06-02 11:17:37.303222333 +0100
+@@ -2779,6 +2779,8 @@
+ 	} else
+ 		passwd = NULL;
+ 
++	SSL_set_default_passwd_cb(conn->ssl, tls_passwd_cb);
++	SSL_set_default_passwd_cb_userdata(conn->ssl, passwd);
+ 	SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb);
+ 	SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd);
+ 
+@@ -2869,6 +2871,7 @@
+ 		return -1;
+ 	}
+ 	ERR_clear_error();
++	SSL_set_default_passwd_cb(conn->ssl, NULL);
+ 	SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL);
+ 	os_free(passwd);
+ 
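Review bot: In the second inner hunk (the cleanup near line 2871 of tls_openssl.c) only the callback on conn->ssl is cleared, not its userdata, so after os_free(passwd) the SSL object still holds the pointer installed earlier by SSL_set_default_passwd_cb_userdata(conn->ssl, passwd). Add SSL_set_default_passwd_cb_userdata(conn->ssl, NULL) next to the new SSL_set_default_passwd_cb(conn->ssl, NULL) line, and consider doing the same for ssl_ctx, where the existing SSL_CTX_ cleanup has the same gap, so that nothing can later reach the freed passphrase buffer through either object. Separately, the patch header claims compatibility with older and newer library versions, but both SSL_set_default_passwd_cb* calls are unconditional and those functions exist only from OpenSSL 1.1.0 onward, so a version guard is needed for the code to build against older libraries. The header also says "OpenSSH" where OpenSSL is meant and does not carry the bug references that the commit message lists.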
diff --git a/debian/patches/series b/debian/patches/series
index b72b558..69d62cc 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -22,3 +22,4 @@ VU-228519/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
 VU-228519/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
 VU-228519/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
 wpa_disable_eapol_key_retries.patch
+fix-pem-decryption.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/wpa.git


