> > ------- Original Message ------- > > On Friday, October 6th, 2023 at 4:53 PM, Stuart Henderson > > s...@spacehopper.org wrote: > > > > > On 2023/10/06 20:36, haywirrr wrote: > > > > > > > > ... > > > > > hmm - it's not ideal to use OpenSSL 1.1 any more because security > > > > > updates from the old branches are now only available to paying > > > > > customers... > > > > > > > > > > There could well be something else in the changes between > > > > > wpa_supplicant > > > > > 2.9 and 2.10 that will help with OpenSSL 3.x, but there have been > > > > > other > > > > > changes which mean that src/drivers/driver_openbsd.c no longer > > > > > compiles, > > > > > and I don't know how to fix that. > > > > > > > > Hi Stuart, > > > > > > > > I understand that using the old version of OpenSSL is not ideal. > > > > Unfortunately, this is my only option without moving to an entirely > > > > different platform, i.e. FreeBSD (which I may be forced into doing). > > > > > > Well, you have the diff and can use it if you want, but I don't really > > > want to commit that to ports. > > > > > > > Who would I need to ask about getting wpa_supplicant updated to the > > > > latest version? Also, there's a patch available for FreeBSD that allows > > > > > > I've tried updating and have merged the various patches, but the openbsd > > > code that's part of the distribution no longer builds. So it'll need > > > someone with enough interest and time and reason to look at it. The only > > > reason anyone has asked for this so far is to use a security protocol > > > that was replaced (by a much improved version) in 2008 which tbh is not > > > particularly compelling. > > > > > > (If anyone wants to do that feel free to ask for a diff for the boring > > > parts). > > > > > > > wpa_supplicant to interface directly with VLAN 0 (see the link below), > > > > how would I ask about getting that incorporated into the OpenBSD port > > > > of wpa_supplicant? I am thinking the answer might be to start a new > > > > thread and see if anyone replies... > > > > > > > > https://reviews.freebsd.org/D40442 > > > > > > Does that actually need anything from wpa_supplicant, have you tried > > > running it on a vlan interface set to id 0 (which js the standard way to > > > do that)? > > > > Hi Stuart, > > > > That is actually how I am currently working with wpa_supplicant, I use > > a hostname.vlan0 interface along with the application to authenticate. > > I was just thinking this might negate the need for the interface > > declaration and make things a little cleaner. > > > > Should the question then be would it be possible to incorporate 802.1X > > authentication into a hostname.if? I have no idea what that would take. > > > Hi Stuart, > > I was able to get wpa_supplicant working with OpenSSL 3.0/3.1 after > applying the following 5 patches: > > Allow use of TLS 1.0 and renegotiation - patch 1/5 > > Index: src/ap/authsrv.c > --- src/ap/authsrv.cc.orig > +++ src/ap/authsrv.c > @@ -188,6 +188,9 @@ > wpa_printf(MSG_DEBUG, "authsrv: remote TLS alert: %s", > data->alert.description); > > break; > + case TLS_UNSAFE_RENEGOTIATION_DISABLED: > + /* Not applicable to TLS server / > + break; > } > } > #endif / EAP_TLS_FUNCS / > > > Allow use of TLS 1.0 and renegotiation - patch 2/5 > > Index: src/crypto/tls.h > --- src/crypto/tls.h.orig > +++ src/crypto/tls.h > @@ -22,7 +22,8 @@ > TLS_CERT_CHAIN_SUCCESS, > TLS_CERT_CHAIN_FAILURE, > TLS_PEER_CERTIFICATE, > - TLS_ALERT > + TLS_ALERT, > + TLS_UNSAFE_RENEGOTIATION_DISABLED, > }; > > / > @@ -112,6 +113,7 @@ > #define TLS_CONN_ENABLE_TLSv1_1 BIT(15) > #define TLS_CONN_ENABLE_TLSv1_2 BIT(16) > #define TLS_CONN_TEAP_ANON_DH BIT(17) > +#define TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION BIT(18) > > /** > * struct tls_connection_params - Parameters for TLS connection > > > Allow use of TLS 1.0 and renegotiation - patch 3/5 > > Index: src/crypto/tls_openssl.c > --- src/crypto/tls_openssl.c.orig > +++ src/crypto/tls_openssl.c > @@ -2919,6 +2919,13 @@ > SSL_clear_options(ssl, SSL_OP_NO_TICKET); > #endif /* SSL_OP_NO_TICKET / > > + > +#ifdef SSL_OP_LEGACY_SERVER_CONNECT > + if (flags & TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION) > + SSL_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT); > +#endif / SSL_OP_LEGACY_SERVER_CONNECT */ > + > + > #ifdef SSL_OP_NO_TLSv1 > if (flags & TLS_CONN_DISABLE_TLSv1_0) > SSL_set_options(ssl, SSL_OP_NO_TLSv1); > @@ -4133,6 +4140,7 @@ > static struct wpabuf * > openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data) > { > + struct tls_context *context = conn->context; > > int res; > struct wpabuf *out_data; > > @@ -4162,7 +4170,20 @@ > wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to " > "write"); > else { > + unsigned long error = ERR_peek_last_error(); > + > tls_show_errors(MSG_INFO, func, "SSL_connect"); > + > + if (context->event_cb && > > + ERR_GET_LIB(error) == ERR_LIB_SSL && > + ERR_GET_REASON(error) == > + SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED) { > + context->event_cb( > > + context->cb_ctx, > > + TLS_UNSAFE_RENEGOTIATION_DISABLED, > + NULL); > + } > + > conn->failed++; > > if (!conn->server && !conn->client_hello_generated) { > > /* The server would not understand TLS Alert > @@ -4185,8 +4206,6 @@ > if ((conn->flags & TLS_CONN_SUITEB) && !conn->server && > > os_strncmp(SSL_get_cipher(conn->ssl), "DHE-", 4) == 0 && > > conn->server_dh_prime_len < 3072) { > > - struct tls_context *context = conn->context; > > - > /* > * This should not be reached since earlier cert_cb should have > * terminated the handshake. Keep this check here for extra > > > Allow use of TLS 1.0 and renegotiation - patch 4/5 > > Index: src/eap_peer/eap.c > --- src/eap_peer/eap.c.orig > +++ src/eap_peer/eap.c > @@ -2108,6 +2108,11 @@ > eap_notify_status(sm, "remote TLS alert", > data->alert.description); > > break; > + case TLS_UNSAFE_RENEGOTIATION_DISABLED: > + wpa_printf(MSG_INFO, > + "TLS handshake failed due to the server not supporting safe renegotiation > (RFC 5746); phase1 parameter allow_unsafe_renegotiation=1 can be used to work > around this"); > + eap_notify_status(sm, "unsafe server renegotiation", "failure"); > + break; > } > > os_free(hash_hex); > > > Allow use of TLS 1.0 and renegotiation - patch 5/5 > > Index: src/eap_peer/eap_tls_common.c > --- src/eap_peer/eap_tls_common.c > +++ src/eap_peer/eap_tls_common.c > @@ -102,6 +102,10 @@ > params->flags |= TLS_CONN_SUITEB_NO_ECDH; > > if (os_strstr(txt, "tls_suiteb_no_ecdh=0")) > params->flags &= ~TLS_CONN_SUITEB_NO_ECDH; > > + if (os_strstr(txt, "allow_unsafe_renegotiation=1")) > + params->flags |= TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION; > > + if (os_strstr(txt, "allow_unsafe_renegotiation=0")) > + params->flags &= ~TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION; > > }
I should also note that in order to bypass the renegotiation error, the following should also be added to the phase 1 directive of the wpa_supplicant configuration file: allow_unsafe_renegotiation=1
