Hi Stuart,

Thanks again for the suggestion. I will give that a shot tomorrow and let you know what I find.

------- Forwarded Message ------- 
From: Stuart Henderson <s...@spacehopper.org>
Date: On Tuesday, October 3rd, 2023 at 5:25 PM
Subject: Re: Support for TLS 1.0 in recent wpa_supplicant builds
To: haywirrr <haywi...@proton.me>

> > I was able to build wpa_supplicant using your patch and the
> > FLAVOR=openssl switch but when I attempted to run wpa_supplicant via
> > /usr/local/sbin/wpa_supplicant, I received the following error:
> >
> > ld.so: wpa_supplicant: can't load library 'libpcsclite.so.1.0'
> > Killed
> >
> hmm - not sure what is up, the pcsc-lite dependency is set (and was
> there in the previous version too) so you shouldn't be able to install
> wpa_supplicant without having that installed ..
>
> you could try the package which I've built (attached) if you like -
> uninstall the existing package and use pkg_add -D unsigned to install it.
>
> if that doesn't help either, the console output from running
> "LD_DEBUG=1 /usr/local/sbin/wpa_supplicant" might give me some ideas..
>
> > Perhaps I missed something during the configuration process?
> > I downloaded the latest version of security/wpa_supplicant via
> > CVS, patched the Makefile and then ran "FLAVOR=openssl make install"
> > as root.
> >
> That sounds right to me.
>
> > Thank you for your continued assistance!
> >
> > ------- Original Message -------
> > On Tuesday, October 3rd, 2023 at 4:52 PM, Stuart Henderson
> > s...@spacehopper.org wrote:
> >
> > > On 2023/10/03 21:48, Stuart Henderson wrote:
> > >
> > > > oops, rpath also needed, new diff
> > >
> > > you'll also need this in the network={ ...
} section of your config > > > (openssl rejects TLSv1.0 by default but allows it to be reenabled) > > > > > > openssl_ciphers="DEFAULT@SECLEVEL=0" > > > > > > I was able to run eapol_test against a server reconfigured to permit > > > 1.0 with the above, plus the following to disable newer TLS > > > > > > phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=1" > > > > > > > Index: Makefile > > > > =================================================================== > > > > RCS file: /cvs/ports/security/wpa_supplicant/Makefile,v > > > > retrieving revision 1.53 > > > > diff -u -p -r1.53 Makefile > > > > --- Makefile 27 Sep 2023 16:34:38 -0000 1.53 > > > > +++ Makefile 3 Oct 2023 20:48:14 -0000 > > > > @@ -1,7 +1,7 @@ > > > > COMMENT= IEEE 802.1X supplicant > > > > > > > > DISTNAME= wpa_supplicant-2.9 > > > > -REVISION= 2 > > > > +REVISION= 3 > > > > CATEGORIES= security net > > > > > > > > HOMEPAGE= https://w1.fi/wpa_supplicant/ > > > > @@ -9,7 +9,7 @@ HOMEPAGE= https://w1.fi/wpa_supplicant/ > > > > # BSD > > > > PERMIT_PACKAGE= Yes > > > > > > > > -WANTLIB += c ssl crypto pcap pcsclite pthread > > > > +WANTLIB += c pcap pcsclite pthread > > > > > > > > LIB_DEPENDS= security/pcsc-lite 
> > > > > > > > @@ -18,7 +18,24 @@ SITES= https://w1.fi/releases/ > > > > USE_GMAKE= Yes > > > > NO_TEST= Yes > > > > MAKE_FLAGS= V=1 > > > > -MAKE_ENV= CFLAGS="${CFLAGS}" CC="${CC}" > > > > +MAKE_ENV= CC="${CC}" \ > > > > + CFLAGS="${CFLAGS}" \ > > > > + LIBS="-L${LOCALBASE}/lib ${LIBS}" > > > > + > > > > +FLAVORS= openssl > > > > +FLAVOR?= > > > > + > > > > +CFLAGS+= -I${LOCALBASE}/include/PCSC > > > > + > > > > +.if ${FLAVOR:Mopenssl} > > > > +LIB_DEPENDS += security/openssl/3.1 > > > > +CFLAGS += -Wno-deprecated-declarations > > > > -I${LOCALBASE}/include/eopenssl31 > > > > +LIBS += -Wl,-rpath ${LOCALBASE}/lib/eopenssl31 > > > > -L${LOCALBASE}/lib/eopenssl31 > > > > +# -lssl -lcrypto > > > > +WANTLIB += lib/eopenssl31/crypto lib/eopenssl31/ssl > > > > +.else > > > > +WANTLIB += crypto ssl > > > > +.endif > > > > > > > > WRKSRC= ${WRKDIST}/wpa_supplicant
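
Review bot: In the ".if ${FLAVOR:Mopenssl}" block of the last hunk (@@ -18,7 +18,24 @@), "-Wno-deprecated-declarations" is added to CFLAGS with no comment saying which warnings it is meant to hide, and the "# -lssl -lcrypto" line is left behind as dead text. A one-line comment explaining why the warning is silenced for the eopenssl31 build, and either dropping the commented-out line or saying what it is a reminder of, would make the flavor easier to maintain. The block also does not record what the flavor is for; going by the thread it exists so that TLS 1.0 can be re-enabled through openssl_ciphers="DEFAULT@SECLEVEL=0", and a short comment above "FLAVORS= openssl" stating that would help ensure the flavor is only picked deliberately.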
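
A defender-side check for the settings quoted in this thread, as an added example that is not part of the original messages or the port: it parses a wpa_supplicant.conf and reports which scope (the global section or a named network block) lowers the OpenSSL security level or disables newer TLS versions, so the downgrade can be confirmed as confined to the one legacy network. The sample config, the SSIDs and the function names are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread): one legacy network using
# the settings quoted above, one ordinary network.
SAMPLE_CONF = """
network={
    ssid="legacy-8021x"
    openssl_ciphers="DEFAULT@SECLEVEL=0"
    phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1 tls_disable_tlsv1_3=1"
}
network={
    ssid="modern-8021x"
    eap=TLS
}
"""

SECLEVEL_RE = re.compile(r"@SECLEVEL=(\d)")
TLS_DISABLE_RE = re.compile(r"tls_disable_tlsv1_([123])=1")

def parse_scopes(text):
    """Return [(scope, settings)]; scope is 'global' or the block's ssid."""
    scopes, current = [("global", {})], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("network={"):
            current = {}
        elif line == "}" and current is not None:
            scopes.append((current.get("ssid", "<no ssid>"), current))
            current = None
        elif "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            target = scopes[0][1] if current is None else current
            target[key.strip()] = value.strip().strip('"')
    return scopes

def audit(text):
    """Return {scope: [findings]} for scopes that weaken TLS settings."""
    report = {}
    for scope, cfg in parse_scopes(text):
        findings = []
        m = SECLEVEL_RE.search(cfg.get("openssl_ciphers", ""))
        if m and m.group(1) == "0":
            findings.append("SECLEVEL=0")
        disabled = sorted(TLS_DISABLE_RE.findall(cfg.get("phase1", "")))
        findings += ["TLS 1.%s disabled" % v for v in disabled]
        if findings:
            report[scope] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A finding under the "global" scope means the weakened setting applies to every network in the file rather than to one block.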