From patchwork Wed Nov 21 13:22:49 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: NSS: Fix build with NSS
Date: Wed, 21 Nov 2012 03:22:49 -0000
From: Masashi Honma
X-Patchwork-Id: 200686
Message-Id:
To: hostap ML

I will use NSS 3.14 for SSL.
But compilation failed because the SSL_ExportKeyingMaterial() prototype was changed.
So I made this patch.

But I got the error messages below on the TTLS/MSCHAPv2 connection.

------------
wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
NSS: TODO - tls_connection_set_params
wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
NSS: Bad Server Certificate (sec err 20)
NSS: Peer certificate subject='(deleted)'
wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
------------

I will do more fixes. Is there any advice for this?

Signed-hostap: Masashi Honma

PR_Free(subject); @@ -426,15 +426,16 @@ int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, u8 *out, size_t out_len) { if (conn == NULL || server_random_first) { - wpa_printf(MSG_INFO, "NSS: Unsupported PRF request " + wpa_printf(MSG_ERROR, "NSS: Unsupported PRF request " "(server_random_first=%d)", server_random_first); return -1; } - if (SSL_ExportKeyingMaterial(conn->fd, label, NULL, 0, out, out_len) != - SECSuccess) { - wpa_printf(MSG_INFO, "NSS: Failed to use TLS extractor " + if (SSL_ExportKeyingMaterial(conn->fd, label, os_strlen(label), + PR_FALSE, NULL, 0, out, out_len) != + SECSuccess) { + wpa_printf(MSG_ERROR, "NSS: Failed to use TLS extractor " "(label='%s' out_len=%d", label, (int) out_len); return -1; }

Regards,
Masashi Honma.

diff --git a/src/crypto/tls_nss.c b/src/crypto/tls_nss.c index c53c192..d7fba20 100644 --- a/src/crypto/tls_nss.c +++ b/src/crypto/tls_nss.c
@@ -293,15 +293,15 @@ static SECStatus nss_bad_cert_cb(void *arg, PRFileDesc *fd) err = PR_GetError(); if (IS_SEC_ERROR(err)) - wpa_printf(MSG_DEBUG, "NSS: Bad Server Certificate (sec err " + wpa_printf(MSG_ERROR, "NSS: Bad Server Certificate (sec err " "%d)", err - SEC_ERROR_BASE); else - wpa_printf(MSG_DEBUG, "NSS: Bad Server Certificate (err %d)", + wpa_printf(MSG_ERROR, "NSS: Bad Server Certificate (err %d)", err); cert = SSL_PeerCertificate(fd); subject = CERT_NameToAscii(&cert->subject); issuer = CERT_NameToAscii(&cert->issuer); - wpa_printf(MSG_DEBUG, "NSS: Peer certificate subject='%s' issuer='%s'", + wpa_printf(MSG_ERROR, "NSS: Peer certificate subject='%s' issuer='%s'", subject, issuer); CERT_DestroyCertificate(cert);
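
Review bot: in the nss_bad_cert_cb() hunk, the result of cert = SSL_PeerCertificate(fd) is dereferenced right away as &cert->subject and &cert->issuer with no NULL check, and since the hunk already edits the logging that depends on it, a check belongs here: skip the subject/issuer message (and the CERT_DestroyCertificate() call) when no peer certificate is returned. Separately, the MSG_DEBUG to MSG_ERROR changes are unrelated to the SSL_ExportKeyingMaterial() prototype fix named in the subject; they would be easier to review as their own patch, with a line in the commit message on why certificate failures, including the peer subject and issuer, should be logged at MSG_ERROR.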
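
Review bot: in the tls_connection_prf() hunk, the SSL_ExportKeyingMaterial() call is switched unconditionally to the eight-argument form (label length and PR_FALSE added), so a build against an NSS release that still has the six-argument prototype will now fail the same way the 3.14 build did before. Either guard the two call forms on the NSS version (NSS_VMAJOR/NSS_VMINOR from nss.h) or state the minimum supported NSS version in the commit message. The context line "(label='%s' out_len=%d" is also missing its closing parenthesis in the format string, which is worth fixing while this message is being touched, and as in the other hunk the MSG_INFO to MSG_ERROR changes are separate from the build fix.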