From 50a88a508ada1ce1e6633fcf33e5eaf467fd4ad2 Mon Sep 17 00:00:00 2001
From: Andrew Gunnerson <chillermillerlong@hotmail.com>
Date: Fri, 2 Sep 2022 18:27:24 -0400
Subject: T4666: hostap: Reintroduce Debian's allow-tlsv1.patch

After the fixes for T4537/T4584, which added a custom hostap package,
wpa_supplicant no longer allows TLSv1.0 connections, which is required
for EAP-TLS with certain ISPs.

Previously, VyOS allowed TLSv1.0 via Debian's `allow-tlsv1.patch` patch.
This commit reintroduces that patch for the custom hostap package.

Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
(cherry picked from commit 54a2f0aa704db96707c8545b81b180934b5f8b9c)
---
 packages/hostap/build.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'packages')

diff --git a/packages/hostap/build.sh b/packages/hostap/build.sh
index 90b3358c..8e5d324b 100755
--- a/packages/hostap/build.sh
+++ b/packages/hostap/build.sh
@@ -16,7 +16,9 @@ fi
 
 echo "I: Copy Debian build instructions"
 cp -a ${SRC_DEB}/debian ${SRC}
-rm -rf ${SRC}/debian/patches
+# Preserve Debian's default of allowing TLSv1.0 for compatibility
+find ${SRC}/debian/patches -mindepth 1 ! -name allow-tlsv1.patch -delete
+echo 'allow-tlsv1.patch' > ${SRC}/debian/patches/series
 
 # Build Debian package
 cd ${SRC}
-- 
cgit v1.2.3