------- Original Message ------- On Friday, October 6th, 2023 at 4:53 PM, Stuart Henderson <s...@spacehopper.org> wrote:
> On 2023/10/06 20:36, haywirrr wrote: > > > > ... > > > hmm - it's not ideal to use OpenSSL 1.1 any more because security > > > updates from the old branches are now only available to paying > > > customers... > > > > > > There could well be something else in the changes between wpa_supplicant > > > 2.9 and 2.10 that will help with OpenSSL 3.x, but there have been other > > > changes which mean that src/drivers/driver_openbsd.c no longer compiles, > > > and I don't know how to fix that. > > > > Hi Stuart, > > > > I understand that using the old version of OpenSSL is not ideal. > > Unfortunately, this is my only option without moving to an entirely > > different platform, i.e. FreeBSD (which I may be forced into doing). > > > Well, you have the diff and can use it if you want, but I don't really > want to commit that to ports. > > > Who would I need to ask about getting wpa_supplicant updated to the > > latest version? Also, there's a patch available for FreeBSD that allows > > > I've tried updating and have merged the various patches, but the openbsd > code that's part of the distribution no longer builds. So it'll need > someone with enough interest and time and reason to look at it. The only > reason anyone has asked for this so far is to use a security protocol > that was replaced (by a much improved version) in 2008 which tbh is not > particularly compelling. > > (If anyone wants to do that feel free to ask for a diff for the boring > parts). > > > wpa_supplicant to interface directly with VLAN 0 (see the link below), > > how would I ask about getting that incorporated into the OpenBSD port > > of wpa_supplicant? I am thinking the answer might be to start a new > > thread and see if anyone replies... > > > > https://reviews.freebsd.org/D40442 > > > Does that actually need anything from wpa_supplicant, have you tried > running it on a vlan interface set to id 0 (which js the standard way to > do that)? Hi Stuart, That is actually how I am currently working with wpa_supplicant, I use a hostname.vlan0 interface along with the application to authenticate. I was just thinking this might negate the need for the interface declaration and make things a little cleaner. Should the question then be would it be possible to incorporate 802.1X authentication into a hostname.if? I have no idea what that would take.
