authorAndrew Gunnerson <accounts+github@chiller3.com>2023-04-09 12:16:33 -0400
committerAndrew Gunnerson <accounts+github@chiller3.com>2023-04-09 12:51:23 -0400
commitc260174c5bfcdf7cc3bd6db0f2bd51cf7b1f8648 (patch)
treeef7eb3bf3e4a55edb55da35f7856bf8c5853046f /packages/hostap
parente36e5e77ae370aa85555a6eb328b5ab59713d639 (diff)
downloadvyos-build-c260174c5bfcdf7cc3bd6db0f2bd51cf7b1f8648.tar.gz
vyos-build-c260174c5bfcdf7cc3bd6db0f2bd51cf7b1f8648.zip
T5151: hostap: Reintroduce Debian's allow-legacy-renegotiation.patch
The Debian 12 upgrade in T5003 caused a regression for connecting to legacy networks that only support TLSv1.0/1.1 for EAP-TLS. This commit fixes one part of the issue by adding Debian's patch for allowing legacy renegotiation (SSL_OP_LEGACY_SERVER_CONNECT flag). The flag used to be allowed by default, but that changed with the openssl 3.0 upgrade in Debian 12. (This commit also updates `build.sh` to just overwrite `debian/patches/series` and not delete patch files since dpkg-buildpackage/quilt never applies unlisted patches.) Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
Diffstat (limited to 'packages/hostap')
-rw-r--r--packages/hostap/Jenkinsfile2
-rwxr-xr-xpackages/hostap/build.sh9
2 files changed, 7 insertions, 4 deletions
diff --git a/packages/hostap/Jenkinsfile b/packages/hostap/Jenkinsfile
index 1aeb4521..70c0e71b 100644
--- a/packages/hostap/Jenkinsfile
+++ b/packages/hostap/Jenkinsfile
@@ -21,7 +21,7 @@
def pkgList = [
['name': 'wpa',
- 'scmCommit': 'debian/2%2.10-10',
+ 'scmCommit': 'debian/2%2.10-12',
'scmUrl': 'https://salsa.debian.org/debian/wpa',
'buildCmd': '/bin/true'],
['name': 'hostap',
diff --git a/packages/hostap/build.sh b/packages/hostap/build.sh
index c66bda3d..e69236dd 100755
--- a/packages/hostap/build.sh
+++ b/packages/hostap/build.sh
@@ -16,9 +16,12 @@ fi
echo "I: Copy Debian build instructions"
cp -a ${SRC_DEB}/debian ${SRC}
-# Preserve Debian's default of allowing TLSv1.0 for compatibility
-find ${SRC}/debian/patches -mindepth 1 ! -name allow-tlsv1.patch -delete
-echo 'allow-tlsv1.patch' > ${SRC}/debian/patches/series
+# Preserve Debian's default of allowing TLSv1.0 and legacy renegotiation for
+# compatibility with networks that use legacy crypto
+cat > ${SRC}/debian/patches/series << EOF
+allow-tlsv1.patch
+allow-legacy-renegotiation.patch
+EOF
# Build Debian package
cd ${SRC}
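Review bot: The new comment above the heredoc states the compatibility goal but not its cost. By the commit description, allow-legacy-renegotiation.patch sets SSL_OP_LEGACY_SERVER_CONNECT, so the built package will presumably accept TLS peers that lack RFC 5746 secure renegotiation on every EAP-TLS connection, not only on the legacy networks. I would add a line such as `# NOTE: both patches relax TLS defaults for every EAP connection, not only legacy networks (see T5151)` so the trade-off is visible to whoever next edits the series list. Separately, the redirect target and heredoc delimiter are unquoted; `cat > "${SRC}/debian/patches/series" << 'EOF'` keeps the path intact if SRC ever contains whitespace and makes the patch list literal. The script continues outside the hunk, so whether SRC is validated earlier cannot be seen from here.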