Hi! Update wpa_supplicant to the latest version.
Please test it with your setup (eduroam, whatever...) Works with mine (my employer's wired 802.1x). Ciao, David Index: Makefile =================================================================== RCS file: /cvs/ports/security/wpa_supplicant/Makefile,v retrieving revision 1.18 diff -u -p -u -p -r1.18 Makefile --- Makefile 22 Jul 2014 10:55:41 -0000 1.18 +++ Makefile 2 Sep 2014 11:03:24 -0000 @@ -2,8 +2,7 @@ COMMENT= IEEE 802.1X supplicant -DISTNAME= wpa_supplicant-2.1 -REVISION= 2 +DISTNAME= wpa_supplicant-2.2 CATEGORIES= security net HOMEPAGE= http://hostap.epitest.fi/wpa_supplicant/ Index: distinfo =================================================================== RCS file: /cvs/ports/security/wpa_supplicant/distinfo,v retrieving revision 1.4 diff -u -p -u -p -r1.4 distinfo --- distinfo 18 Mar 2014 05:57:22 -0000 1.4 +++ distinfo 2 Sep 2014 11:03:24 -0000 @@ -1,2 +1,2 @@ -SHA256 (wpa_supplicant-2.1.tar.gz) = kWMufjtJo0DOQI4vl4qTVGppc4Or8uWmDxRvqunhsnc= -SIZE (wpa_supplicant-2.1.tar.gz) = 2222066 +SHA256 (wpa_supplicant-2.2.tar.gz) = 4Ni4/WimWWNuq6JGuyyqy/U9ItU7K2uQ60tP7wmTyO0= +SIZE (wpa_supplicant-2.2.tar.gz) = 2382570 Index: patches/patch-src_crypto_ms_funcs_c =================================================================== RCS file: patches/patch-src_crypto_ms_funcs_c diff -N patches/patch-src_crypto_ms_funcs_c --- patches/patch-src_crypto_ms_funcs_c 18 Mar 2014 05:57:22 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,24 +0,0 @@ -$OpenBSD: patch-src_crypto_ms_funcs_c,v 1.1 2014/03/18 05:57:22 dcoppa Exp $ - -commit 22dd2d7a987325faa089e65914c1602cad85f747 -Author: Jouni Malinen <j...@w1.fi> -Date: Sat Feb 15 12:06:35 2014 +0200 - -Fix MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding - -This fixes issues in using a password that includes a UTF-8 character -with three-byte encoding with EAP methods that use NtPasswordHash -(anything using MSCHAPv2 or LEAP). - -Signed-off-by: Jouni Malinen <j...@w1.fi> - ---- src/crypto/ms_funcs.c.orig Tue Feb 4 12:23:35 2014 -+++ src/crypto/ms_funcs.c Fri Mar 14 10:49:39 2014 -@@ -58,6 +58,7 @@ static int utf8_to_ucs2(const u8 *utf8_string, size_t - WPA_PUT_LE16(ucs2_buffer + j, - ((c & 0xF) << 12) | - ((c2 & 0x3F) << 6) | (c3 & 0x3F)); -+ j += 2; - } - } - } Index: patches/patch-src_crypto_tls_h =================================================================== RCS file: patches/patch-src_crypto_tls_h diff -N patches/patch-src_crypto_tls_h --- patches/patch-src_crypto_tls_h 18 Mar 2014 05:57:22 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,29 +0,0 @@ -$OpenBSD: patch-src_crypto_tls_h,v 1.1 2014/03/18 05:57:22 dcoppa Exp $ - -commit b62d5b5450101676a0c05691b4bcd94e11426397 -Author: Jouni Malinen <j...@w1.fi> -Date: Wed Feb 19 11:56:02 2014 +0200 - -Revert "OpenSSL: Do not accept SSL Client certificate for server" - -This reverts commit 51e3eafb68e15e78e98ca955704be8a6c3a7b304. There are -too many deployed AAA servers that include both id-kp-clientAuth and -id-kp-serverAuth EKUs for this change to be acceptable as a generic rule -for AAA authentication server validation. OpenSSL enforces the policy of -not connecting if only id-kp-clientAuth is included. If a valid EKU is -listed with it, the connection needs to be accepted. - -Signed-off-by: Jouni Malinen <j...@w1.fi> - ---- src/crypto/tls.h.orig Tue Feb 4 12:23:35 2014 -+++ src/crypto/tls.h Fri Mar 14 14:33:33 2014 -@@ -41,8 +41,7 @@ enum tls_fail_reason { - TLS_FAIL_ALTSUBJECT_MISMATCH = 6, - TLS_FAIL_BAD_CERTIFICATE = 7, - TLS_FAIL_SERVER_CHAIN_PROBE = 8, -- TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9, -- TLS_FAIL_SERVER_USED_CLIENT_CERT = 10 -+ TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9 - }; - - union tls_event_data { Index: patches/patch-src_crypto_tls_openssl_c =================================================================== RCS file: patches/patch-src_crypto_tls_openssl_c diff -N patches/patch-src_crypto_tls_openssl_c --- patches/patch-src_crypto_tls_openssl_c 18 Mar 2014 05:57:22 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,53 +0,0 @@ -$OpenBSD: patch-src_crypto_tls_openssl_c,v 1.1 2014/03/18 05:57:22 dcoppa Exp $ - -commit b62d5b5450101676a0c05691b4bcd94e11426397 -Author: Jouni Malinen <j...@w1.fi> -Date: Wed Feb 19 11:56:02 2014 +0200 - -Revert "OpenSSL: Do not accept SSL Client certificate for server" - -This reverts commit 51e3eafb68e15e78e98ca955704be8a6c3a7b304. There are -too many deployed AAA servers that include both id-kp-clientAuth and -id-kp-serverAuth EKUs for this change to be acceptable as a generic rule -for AAA authentication server validation. OpenSSL enforces the policy of -not connecting if only id-kp-clientAuth is included. If a valid EKU is -listed with it, the connection needs to be accepted. - -Signed-off-by: Jouni Malinen <j...@w1.fi> - ---- src/crypto/tls_openssl.c.orig Tue Feb 4 12:23:35 2014 -+++ src/crypto/tls_openssl.c Fri Mar 14 14:33:33 2014 -@@ -105,7 +105,6 @@ struct tls_connection { - unsigned int ca_cert_verify:1; - unsigned int cert_probe:1; - unsigned int server_cert_only:1; -- unsigned int server:1; - - u8 srv_cert_hash[32]; - -@@ -1477,16 +1476,6 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_ - TLS_FAIL_SERVER_CHAIN_PROBE); - } - -- if (!conn->server && err_cert && preverify_ok && depth == 0 && -- (err_cert->ex_flags & EXFLAG_XKUSAGE) && -- (err_cert->ex_xkusage & XKU_SSL_CLIENT)) { -- wpa_printf(MSG_WARNING, "TLS: Server used client certificate"); -- openssl_tls_fail_event(conn, err_cert, err, depth, buf, -- "Server used client certificate", -- TLS_FAIL_SERVER_USED_CLIENT_CERT); -- preverify_ok = 0; -- } -- - if (preverify_ok && context->event_cb != NULL) - context->event_cb(context->cb_ctx, - TLS_CERT_CHAIN_SUCCESS, NULL); -@@ -2537,8 +2526,6 @@ openssl_handshake(struct tls_connection *conn, const s - { - int res; - struct wpabuf *out_data; -- -- conn->server = !!server; - - /* - * Give TLS handshake data from the server (if available) to OpenSSL Index: patches/patch-src_utils_common_c =================================================================== RCS file: patches/patch-src_utils_common_c diff -N patches/patch-src_utils_common_c --- patches/patch-src_utils_common_c 2 Jun 2014 11:26:21 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,12 +0,0 @@ -$OpenBSD: patch-src_utils_common_c,v 1.1 2014/06/02 11:26:21 sthen Exp $ ---- src/utils/common.c.orig Mon Jun 2 12:22:46 2014 -+++ src/utils/common.c Mon Jun 2 12:23:29 2014 -@@ -350,7 +350,7 @@ void printf_encode(char *txt, size_t maxlen, const u8 - size_t i; - - for (i = 0; i < len; i++) { -- if (txt + 4 > end) -+ if (txt + 4 >= end) - break; - - switch (data[i]) { Index: patches/patch-src_utils_eloop_c =================================================================== RCS file: /cvs/ports/security/wpa_supplicant/patches/patch-src_utils_eloop_c,v retrieving revision 1.2 diff -u -p -u -p -r1.2 patch-src_utils_eloop_c --- patches/patch-src_utils_eloop_c 18 Mar 2014 05:57:22 -0000 1.2 +++ patches/patch-src_utils_eloop_c 2 Sep 2014 11:03:24 -0000 @@ -2,9 +2,9 @@ $OpenBSD: patch-src_utils_eloop_c,v 1.2 don't try to access list members to free them unless already initialised ---- src/utils/eloop.c.orig Fri Mar 14 10:39:29 2014 -+++ src/utils/eloop.c Fri Mar 14 10:41:10 2014 -@@ -887,6 +887,9 @@ void eloop_destroy(void) +--- src/utils/eloop.c.orig Wed Jun 4 15:26:14 2014 ++++ src/utils/eloop.c Tue Sep 2 13:00:23 2014 +@@ -1033,6 +1033,9 @@ void eloop_destroy(void) struct eloop_timeout *timeout, *prev; struct os_reltime now;
wpa_supplicant-2.2.diff.gz
Description: Binary data
