Hi Stuart,
I found that creating a symlink to the PC/SC library file in the
OpenSSL directory allowed wpa_supplicant to run without issue.
ln -s /usr/local/lib/libpcsclite.so.1.0 /usr/local/lib/eopenssl31
Is it possible that the Makefile patch is somehow overriding the
library file location solely with the location of the OpenSSL library
files? I had a look at the patch and it looks correct to me...
> Hi Stuart,
>
> I had an opportunity to attempt a fresh install of the OpenSSL
> flavor of wpa_supplicant and I am still getting the error mentioned
> previously. I've tried the package you passed along with the same
> outcome - I've even gone so far as to create new 7.3 and -current
> virtual machines and install from ports, both of which resulted in the
> same outcome.
>
> Per your instructions, here is the output of running
> "LD_DEBUG=1 /usr/local/sbin/wpa_supplicant:
>
> ld.so loading: 'wpa_supplicant'
> exe load offset: 0xbadcead4000
> objname [/usr/local/sbin/wpa_supplicant], dynp 0xbadcebacff8, objtype 2
> lbase badcead4000, obase badcead4000
> flags /usr/local/sbin/wpa_supplicant = 0x8000000
> head /usr/local/sbin/wpa_supplicant
> obj /usr/local/sbin/wpa_supplicant has /usr/local/sbin/wpa_supplicant
> as head
> examining: '/usr/local/sbin/wpa_supplicant'
> loading: libcrypto.so.15.1 required by /usr/local/sbin/wpa_supplicant
> objname [/usr/local/lib/eopenssl31/libcrypto.so.15.1], dynp
> 0xbb01eb1d458, objtype 3 lbase bb01e5ea000, obase bb01e5ea000
> flags /usr/local/lib/eopenssl31/libcrypto.so.15.1 = 0x0
> obj /usr/local/lib/eopenssl31/libcrypto.so.15.1 has
> /usr/local/sbin/wpa_supplicant as head
> loading: libpcsclite.so.1.0 required by /usr/local/sbin/wpa_supplicant
> ld.so: wpa_supplicant: can't load library 'libpcsclite.so.1.0'
> [1] 74362 killed LD_DEBUG=1 /usr/local/sbin/wpa_supplicant
>
>
> Thanks again for your time!
>
> > Hi Stuart,
> >
> > Thanks again for the suggestion, I will give that a shot tomorrow and let
> > you know what I find.
> >
> > ------- Forwarded Message -------
> > From: Stuart Henderson s...@spacehopper.org
> >
> > Date: On Tuesday, October 3rd, 2023 at 5:25 PM
> > Subject: Re: Support for TLS 1.0 in recent wpa_supplicant builds
> > To: haywirrr haywi...@proton.me
> >
> > > > I was able to build wpa_supplicant using your patch and the
> > > > FLAVOR=openssl switch but when I attempted to run wpa_supplicant via
> > > > /usr/local/sbin/wpa_supplicant, I received the following error:
> > > >
> > > > ld.so: wpa_supplicant: can't load library 'libpcsclite.so.1.0'
> > > > Killed
> > >
> > > hmm - not sure what is up, the pcsc-lite dependency is set (and was
> > > there in the previous version too) so you shouldn't be able to install
> > > wpa_supplicant without having that installed ..
> > >
> > > you could try the package which I've built (attached) if you like -
> > > uninstall the existing package and use pkg_add -D unsigned to install it.
> > >
> > > if that doesn't help either, the console output from running
> > > "LD_DEBUG=1 /usr/local/sbin/wpa_supplicant" might give me some ideas..
> > >
> > > > Perhaps I missed something during the configuration process?
> > > > I downloaded the latest version of security/wpa_supplicant via
> > > > CVS, patched the Makefile and then ran "FLAVOR=openssl make install"
> > > > as root.
> > >
> > > That sounds right to me.
> > >
> > > > Thank you for your continued assistance!
> > > >
> > > > ------- Original Message -------
> > > > On Tuesday, October 3rd, 2023 at 4:52 PM, Stuart Henderson
> > > > s...@spacehopper.org wrote:
> > > >
> > > > > On 2023/10/03 21:48, Stuart Henderson wrote:
> > > > >
> > > > > > oops, rpath also needed, new diff
> > > > >
> > > > > you'll also need this in the network={ ... } section of your config
> > > > > (openssl rejects TLSv1.0 by default but allows it to be reenabled)
> > > > >
> > > > > openssl_ciphers="DEFAULT@SECLEVEL=0"
> > > > >
> > > > > I was able to run eapol_test against a server reconfigured to permit
> > > > > 1.0 with the above, plus the following to disable newer TLS
> > > > >
> > > > > phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1
> > > > > tls_disable_tlsv1_3=1"
> > > > >
> > > > > > Index: Makefile
> > > > > > ===================================================================
> > > > > > RCS file: /cvs/ports/security/wpa_supplicant/Makefile,v
> > > > > > retrieving revision 1.53
> > > > > > diff -u -p -r1.53 Makefile
> > > > > > --- Makefile 27 Sep 2023 16:34:38 -0000 1.53
> > > > > > +++ Makefile 3 Oct 2023 20:48:14 -0000
> > > > > > @@ -1,7 +1,7 @@
> > > > > > COMMENT= IEEE 802.1X supplicant
> > > > > >
> > > > > > DISTNAME= wpa_supplicant-2.9
> > > > > > -REVISION= 2
> > > > > > +REVISION= 3
> > > > > > CATEGORIES= security net
> > > > > >
> > > > > > HOMEPAGE= https://w1.fi/wpa_supplicant/
> > > > > > @@ -9,7 +9,7 @@ HOMEPAGE= https://w1.fi/wpa_supplicant/
> > > > > > # BSD
> > > > > > PERMIT_PACKAGE= Yes
> > > > > >
> > > > > > -WANTLIB += c ssl crypto pcap pcsclite pthread
> > > > > > +WANTLIB += c pcap pcsclite pthread
> > > > > >
> > > > > > LIB_DEPENDS= security/pcsc-lite
> > > > > >
> > > > > > @@ -18,7 +18,24 @@ SITES= https://w1.fi/releases/
> > > > > > USE_GMAKE= Yes
> > > > > > NO_TEST= Yes
> > > > > > MAKE_FLAGS= V=1
> > > > > > -MAKE_ENV= CFLAGS="${CFLAGS}" CC="${CC}"
> > > > > > +MAKE_ENV= CC="${CC}" \
> > > > > > + CFLAGS="${CFLAGS}" \
> > > > > > + LIBS="-L${LOCALBASE}/lib ${LIBS}"
> > > > > > +
> > > > > > +FLAVORS= openssl
> > > > > > +FLAVOR?=
> > > > > > +
> > > > > > +CFLAGS+= -I${LOCALBASE}/include/PCSC
> > > > > > +
> > > > > > +.if ${FLAVOR:Mopenssl}
> > > > > > +LIB_DEPENDS += security/openssl/3.1
> > > > > > +CFLAGS += -Wno-deprecated-declarations
> > > > > > -I${LOCALBASE}/include/eopenssl31
> > > > > > +LIBS += -Wl,-rpath ${LOCALBASE}/lib/eopenssl31
> > > > > > -L${LOCALBASE}/lib/eopenssl31
> > > > > > +# -lssl -lcrypto
> > > > > > +WANTLIB += lib/eopenssl31/crypto lib/eopenssl31/ssl
> > > > > > +.else
> > > > > > +WANTLIB += crypto ssl
> > > > > > +.endif
> > > > > >
> > > > > > WRKSRC= ${WRKDIST}/wpa_supplicant
