On 2023/10/03 19:17, haywirrr wrote: > It would seem that the latest snapshot version of wpa_supplicant was > compiled using a version of LibreSSL that does not support TLS 1.0. > While this doesn't surprise me, my ISP requires 802.1X authentication > and only TLS 1.0 is available. > > I attempted to build wpa_supplicant from ports using LibreSSL 3.7.3 > but I am running into build errors along the way. I am hoping that > someone may be able to point me in the right direction in terms of > the correct compilation flags, or perhaps suggest a different 802.1X > client.
OpenBSD only uses the standard version of LibreSSL from the base OS, which no longer allows setting TLS 1.0 or 1.1. You could try this, which allows building with OpenSSL instead. Set "FLAVOR=openssl" on the command line when building (e.g. 'pkg_delete wpa_supplicant; FLAVOR=openssl make install'). Index: Makefile =================================================================== RCS file: /cvs/ports/security/wpa_supplicant/Makefile,v retrieving revision 1.53 diff -u -p -r1.53 Makefile --- Makefile 27 Sep 2023 16:34:38 -0000 1.53 +++ Makefile 3 Oct 2023 20:12:52 -0000 @@ -1,7 +1,7 @@ COMMENT= IEEE 802.1X supplicant DISTNAME= wpa_supplicant-2.9 -REVISION= 2 +REVISION= 3 CATEGORIES= security net HOMEPAGE= https://w1.fi/wpa_supplicant/ @@ -9,7 +9,7 @@ HOMEPAGE= https://w1.fi/wpa_supplicant/ # BSD PERMIT_PACKAGE= Yes -WANTLIB += c ssl crypto pcap pcsclite pthread +WANTLIB += c pcap pcsclite pthread LIB_DEPENDS= security/pcsc-lite @@ -18,7 +18,24 @@ SITES= https://w1.fi/releases/ USE_GMAKE= Yes NO_TEST= Yes MAKE_FLAGS= V=1 -MAKE_ENV= CFLAGS="${CFLAGS}" CC="${CC}" +MAKE_ENV= CC="${CC}" \ + CFLAGS="${CFLAGS}" \ + LIBS="-L${LOCALBASE}/lib ${LIBS}" + +FLAVORS= openssl +FLAVOR?= + +CFLAGS+= -I${LOCALBASE}/include/PCSC + +.if ${FLAVOR:Mopenssl} +LIB_DEPENDS += security/openssl/3.1 +CFLAGS += -Wno-deprecated-declarations -I${LOCALBASE}/include/eopenssl31 +LIBS += -L${LOCALBASE}/lib/eopenssl31 +# -lssl -lcrypto +WANTLIB += lib/eopenssl31/crypto lib/eopenssl31/ssl +.else +WANTLIB += crypto ssl +.endif WRKSRC= ${WRKDIST}/wpa_supplicant
