Issue with wpa_supplicant + EAP_TLS + extra certs in the

Kanago, Kerwin kkanago at ciena.com
Tue Aug 11 17:29:04 EDT 2015


Sounds good.
Thanks for the fast reply.

> > On Mon, Aug 10, 2015 at 04:03:18PM -0400, Kanago, Kerwin wrote:
> > Assuming this is all intended behavior EXCEPT for getting extra 
> > copies, then adding a clear_extra_chain_certs call as follows seems to fix the problem:
> > 
> >         if (certs) {
> >                 SSL_CTX_clear_extra_chain_certs(ssl_ctx);  // Remove any previous extra certs before adding them.
> >                 while ((cert = sk_X509_pop(certs)) != NULL) { ...
> > 
> > 
> > Is this a reasonable fix or am I missing something/doing something wrong?

> Alas, this function did not exist before OpenSSL 1.0.1. Taking into account that both 0.9.8 and 1.0.0 will reach their end-of-life in less than five months, I'm not sure whether I feel like even trying to fix this with older OpenSSL versions.. In other words, I think I'll go with this minimal fix for builds using OpenSSL 1.0.1 and more completely fix and clean up with 1.0.2 and newer.

> -- 
> Jouni Malinen                                            PGP id EFC895FA
>


