Hi Stuart,
I had an opportunity to attempt a fresh install of the OpenSSL
flavor of wpa_supplicant and I am still getting the error mentioned
previously. I've tried the package you passed along with the same
outcome - I've even gone so far as to create new 7.3 and -current
virtual machines and install from ports, both of which resulted in the
same outcome.
Per your instructions, here is the output of running
"LD_DEBUG=1 /usr/local/sbin/wpa_supplicant:
ld.so loading: 'wpa_supplicant'
exe load offset: 0xbadcead4000
objname [/usr/local/sbin/wpa_supplicant], dynp 0xbadcebacff8, objtype 2
lbase badcead4000, obase badcead4000
flags /usr/local/sbin/wpa_supplicant = 0x8000000
head /usr/local/sbin/wpa_supplicant
obj /usr/local/sbin/wpa_supplicant has /usr/local/sbin/wpa_supplicant
as head
examining: '/usr/local/sbin/wpa_supplicant'
loading: libcrypto.so.15.1 required by /usr/local/sbin/wpa_supplicant
objname [/usr/local/lib/eopenssl31/libcrypto.so.15.1], dynp
0xbb01eb1d458, objtype 3 lbase bb01e5ea000, obase bb01e5ea000
flags /usr/local/lib/eopenssl31/libcrypto.so.15.1 = 0x0
obj /usr/local/lib/eopenssl31/libcrypto.so.15.1 has
/usr/local/sbin/wpa_supplicant as head
loading: libpcsclite.so.1.0 required by /usr/local/sbin/wpa_supplicant
ld.so: wpa_supplicant: can't load library 'libpcsclite.so.1.0'
[1] 74362 killed LD_DEBUG=1 /usr/local/sbin/wpa_supplicant
Thanks again for your time!
> Hi Stuart,
>
> Thanks again for the suggestion, I will give that a shot tomorrow and let you
> know what I find.
>
> ------- Forwarded Message -------
> From: Stuart Henderson s...@spacehopper.org
>
> Date: On Tuesday, October 3rd, 2023 at 5:25 PM
> Subject: Re: Support for TLS 1.0 in recent wpa_supplicant builds
> To: haywirrr haywi...@proton.me
>
>
>
> > > I was able to build wpa_supplicant using your patch and the
> > > FLAVOR=openssl switch but when I attempted to run wpa_supplicant via
> > > /usr/local/sbin/wpa_supplicant, I received the following error:
> > >
> > > ld.so: wpa_supplicant: can't load library 'libpcsclite.so.1.0'
> > > Killed
> >
> > hmm - not sure what is up, the pcsc-lite dependency is set (and was
> > there in the previous version too) so you shouldn't be able to install
> > wpa_supplicant without having that installed ..
> >
> > you could try the package which I've built (attached) if you like -
> > uninstall the existing package and use pkg_add -D unsigned to install it.
> >
> > if that doesn't help either, the console output from running
> > "LD_DEBUG=1 /usr/local/sbin/wpa_supplicant" might give me some ideas..
> >
> > > Perhaps I missed something during the configuration process?
> > > I downloaded the latest version of security/wpa_supplicant via
> > > CVS, patched the Makefile and then ran "FLAVOR=openssl make install"
> > > as root.
> >
> > That sounds right to me.
> >
> > > Thank you for your continued assistance!
> > >
> > > ------- Original Message -------
> > > On Tuesday, October 3rd, 2023 at 4:52 PM, Stuart Henderson
> > > s...@spacehopper.org wrote:
> > >
> > > > On 2023/10/03 21:48, Stuart Henderson wrote:
> > > >
> > > > > oops, rpath also needed, new diff
> > > >
> > > > you'll also need this in the network={ ... } section of your config
> > > > (openssl rejects TLSv1.0 by default but allows it to be reenabled)
> > > >
> > > > openssl_ciphers="DEFAULT@SECLEVEL=0"
> > > >
> > > > I was able to run eapol_test against a server reconfigured to permit
> > > > 1.0 with the above, plus the following to disable newer TLS
> > > >
> > > > phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1
> > > > tls_disable_tlsv1_3=1"
> > > >
> > > > > Index: Makefile
> > > > > ===================================================================
> > > > > RCS file: /cvs/ports/security/wpa_supplicant/Makefile,v
> > > > > retrieving revision 1.53
> > > > > diff -u -p -r1.53 Makefile
> > > > > --- Makefile 27 Sep 2023 16:34:38 -0000 1.53
> > > > > +++ Makefile 3 Oct 2023 20:48:14 -0000
> > > > > @@ -1,7 +1,7 @@
> > > > > COMMENT= IEEE 802.1X supplicant
> > > > >
> > > > > DISTNAME= wpa_supplicant-2.9
> > > > > -REVISION= 2
> > > > > +REVISION= 3
> > > > > CATEGORIES= security net
> > > > >
> > > > > HOMEPAGE= https://w1.fi/wpa_supplicant/
> > > > > @@ -9,7 +9,7 @@ HOMEPAGE= https://w1.fi/wpa_supplicant/
> > > > > # BSD
> > > > > PERMIT_PACKAGE= Yes
> > > > >
> > > > > -WANTLIB += c ssl crypto pcap pcsclite pthread
> > > > > +WANTLIB += c pcap pcsclite pthread
> > > > >
> > > > > LIB_DEPENDS= security/pcsc-lite
> > > > >
> > > > > @@ -18,7 +18,24 @@ SITES= https://w1.fi/releases/
> > > > > USE_GMAKE= Yes
> > > > > NO_TEST= Yes
> > > > > MAKE_FLAGS= V=1
> > > > > -MAKE_ENV= CFLAGS="${CFLAGS}" CC="${CC}"
> > > > > +MAKE_ENV= CC="${CC}" \
> > > > > + CFLAGS="${CFLAGS}" \
> > > > > + LIBS="-L${LOCALBASE}/lib ${LIBS}"
> > > > > +
> > > > > +FLAVORS= openssl
> > > > > +FLAVOR?=
> > > > > +
> > > > > +CFLAGS+= -I${LOCALBASE}/include/PCSC
> > > > > +
> > > > > +.if ${FLAVOR:Mopenssl}
> > > > > +LIB_DEPENDS += security/openssl/3.1
> > > > > +CFLAGS += -Wno-deprecated-declarations
> > > > > -I${LOCALBASE}/include/eopenssl31
> > > > > +LIBS += -Wl,-rpath ${LOCALBASE}/lib/eopenssl31
> > > > > -L${LOCALBASE}/lib/eopenssl31
> > > > > +# -lssl -lcrypto
> > > > > +WANTLIB += lib/eopenssl31/crypto lib/eopenssl31/ssl
> > > > > +.else
> > > > > +WANTLIB += crypto ssl
> > > > > +.endif
> > > > >
> > > > > WRKSRC= ${WRKDIST}/wpa_supplicant
