{"id":812982,"url":"http://patchwork.ozlabs.org/api/patches/812982/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/patch/20170912174336.2161-1-greearb@candelatech.com/","project":{"id":22,"url":"http://patchwork.ozlabs.org/api/projects/22/?format=json","name":"HostAP Development","link_name":"hostap","list_id":"hostap.lists.infradead.org","list_email":"hostap@lists.infradead.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20170912174336.2161-1-greearb@candelatech.com>","list_archive_url":null,"date":"2017-09-12T17:43:36","name":"hs20: Allow compiling hs20 client on fedora-26","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"e9960e29b87098ee55dc56ec8d508fe0254a8779","submitter":{"id":852,"url":"http://patchwork.ozlabs.org/api/people/852/?format=json","name":"Ben Greear","email":"greearb@candelatech.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/hostap/patch/20170912174336.2161-1-greearb@candelatech.com/mbox/","series":[{"id":2749,"url":"http://patchwork.ozlabs.org/api/series/2749/?format=json","web_url":"http://patchwork.ozlabs.org/project/hostap/list/?series=2749","date":"2017-09-12T17:43:36","name":"hs20: Allow compiling hs20 client on fedora-26","version":1,"mbox":"http://patchwork.ozlabs.org/series/2749/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/812982/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/812982/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org; spf=none (mailfrom)\n\tsmtp.mailfrom=lists.infradead.org (client-ip=65.50.211.133;\n\thelo=bombadil.infradead.org;\n\tenvelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n\treceiver=)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=lists.infradead.org\n\theader.i=@lists.infradead.org header.b=\"f6jbi3UO\"; \n\tdkim-atps=neutral"],"Received":["from bombadil.infradead.org (bombadil.infradead.org\n\t[65.50.211.133])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xsByF0Rc8z9s7M\n\tfor ;\n\tWed, 13 Sep 2017 03:44:53 +1000 (AEST)","from localhost ([127.0.0.1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))\n\tid 1drpEX-0002ve-FU; Tue, 12 Sep 2017 17:44:25 +0000","from mail2.candelatech.com ([208.74.158.173])\n\tby bombadil.infradead.org with esmtp (Exim 4.87 #1 (Red Hat Linux))\n\tid 1drpE8-0002sk-W4\n\tfor hostap@lists.infradead.org; Tue, 12 Sep 2017 17:44:02 +0000","from v-f26-64.candelatech.com (firewall.candelatech.com\n\t[50.251.239.81])\n\tby mail2.candelatech.com (Postfix) with ESMTP id 7347B40A5CB;\n\tTue, 12 Sep 2017 10:43:39 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20170209; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:\n\tList-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Message-Id:Date:\n\tSubject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:\n\tResent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:\n\tReferences:List-Owner; bh=S+gLDpxqo6Oq+e1ccrJfKwMC+DSOAEbcT8S5bstKpxg=;\n\tb=f6j\n\tbi3UOjKe6E1wNmP4l/r6reH7/9QTaetDlLtQ05nuhD/cpsL2Oq7myXBDGfiA4NQ5P5RQNEPQosLlX\n\tScGyuLLt/c9RTn9H/knaWZG7b+93h0xcyZZT0VQdvU7K4IAcAtbaqw3G4lrE3ADk1pmMZ2CA7jqT3\n\tbn5Gsf7s2qmneGtnhKdOQItEZIxJBNi67cAZboyN40WLVVJLG0f+I7A82N0J9Kt6qOuqWKN15z+sZ\n\twGBR78OdlmnNJydB630Hf20H4hiXZWjTQThF6LDL5pc8UD5uHfwbPS0IyqqugXMyiX1hoL3YiAVpw\n\tO9LkpMq8XWvd6OWN4lJgg3IjCfoMtww==;","From":"greearb@candelatech.com","To":"hostap@lists.infradead.org","Subject":"[PATCH] hs20: Allow compiling hs20 client on fedora-26","Date":"Tue, 12 Sep 2017 10:43:36 -0700","Message-Id":"<20170912174336.2161-1-greearb@candelatech.com>","X-Mailer":"git-send-email 2.13.5","X-CRM114-Version":"20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ","X-CRM114-CacheID":"sfid-20170912_104401_094488_770BD5D5 ","X-CRM114-Status":"GOOD ( 12.07 )","X-Spam-Score":"-1.9 (-)","X-Spam-Report":"SpamAssassin version 3.4.1 on bombadil.infradead.org summary:\n\tContent analysis details: (-1.9 points)\n\tpts rule name description\n\t---- ----------------------\n\t--------------------------------------------------\n\t-0.0 SPF_PASS SPF: sender matches SPF record\n\t-0.0 RP_MATCHES_RCVD Envelope sender domain matches handover relay\n\tdomain\n\t-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%\n\t[score: 0.0000]","X-BeenThere":"hostap@lists.infradead.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Cc":"Ben Greear ","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Sender":"\"Hostap\" ","Errors-To":"hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"},"content":"From: Ben Greear \n\nSeems openssl has changed quite a bit, so some of the\nhacks and direct access to members no longer works.\nThis is an attempt at fixing that.\n\nSigned-off-by: Ben Greear \n---\n hs20/client/est.c | 8 ++++++--\n src/utils/http_curl.c | 22 +++++++++++++++++++---\n 2 files changed, 25 insertions(+), 5 deletions(-)","diff":"diff --git a/hs20/client/est.c b/hs20/client/est.c\nindex 9f1519bf4..b865cbdfa 100644\n--- a/hs20/client/est.c\n+++ b/hs20/client/est.c\n@@ -219,6 +219,10 @@ typedef struct {\n \t} d;\n } AttrOrOID;\n \n+#ifndef OPENSSL_IS_BORINGSSL\n+DEFINE_STACK_OF(AttrOrOID)\n+#endif\n+\n typedef struct {\n \tint type;\n \tSTACK_OF(AttrOrOID) *attrs;\n@@ -352,9 +356,9 @@ static void add_csrattrs(struct hs20_osu_client *ctx, CsrAttrs *csrattrs,\n \t\t}\n \t}\n #else /* OPENSSL_IS_BORINGSSL */\n-\tnum = SKM_sk_num(AttrOrOID, csrattrs->attrs);\n+\tnum = sk_AttrOrOID_num(csrattrs->attrs);\n \tfor (i = 0; i < num; i++) {\n-\t\tAttrOrOID *ao = SKM_sk_value(AttrOrOID, csrattrs->attrs, i);\n+\t\tAttrOrOID *ao = sk_AttrOrOID_value(csrattrs->attrs, i);\n \t\tswitch (ao->type) {\n \t\tcase 0:\n \t\t\tadd_csrattrs_oid(ctx, ao->d.oid, exts);\ndiff --git a/src/utils/http_curl.c b/src/utils/http_curl.c\nindex 58519ea8d..ca2279ac5 100644\n--- a/src/utils/http_curl.c\n+++ b/src/utils/http_curl.c\n@@ -446,6 +446,7 @@ sk_num(CHECKED_CAST(_STACK *, STACK_OF(ASN1_IA5STRING) *, (st)))\n #define sk_ASN1_IA5STRING_value(st, i) (ASN1_IA5STRING *) \\\n sk_value(CHECKED_CAST(_STACK *, const STACK_OF(ASN1_IA5STRING) *, (st)), (i))\n #else /* OPENSSL_IS_BORINGSSL */\n+#ifdef SKM_sk_num\n #define sk_LogotypeInfo_num(st) SKM_sk_num(LogotypeInfo, (st))\n #define sk_LogotypeInfo_value(st, i) SKM_sk_value(LogotypeInfo, (st), (i))\n #define sk_LogotypeImage_num(st) SKM_sk_num(LogotypeImage, (st))\n@@ -456,6 +457,13 @@ sk_value(CHECKED_CAST(_STACK *, const STACK_OF(ASN1_IA5STRING) *, (st)), (i))\n #define sk_HashAlgAndValue_value(st, i) SKM_sk_value(HashAlgAndValue, (st), (i))\n #define sk_ASN1_IA5STRING_num(st) SKM_sk_num(ASN1_IA5STRING, (st))\n #define sk_ASN1_IA5STRING_value(st, i) SKM_sk_value(ASN1_IA5STRING, (st), (i))\n+#else\n+DEFINE_STACK_OF(LogotypeInfo)\n+DEFINE_STACK_OF(LogotypeImage)\n+DEFINE_STACK_OF(LogotypeAudio)\n+DEFINE_STACK_OF(HashAlgAndValue)\n+DEFINE_STACK_OF(ASN1_IA5STRING)\n+#endif\n #endif /* OPENSSL_IS_BORINGSSL */\n \n \n@@ -1136,7 +1144,7 @@ static int ocsp_resp_cb(SSL *s, void *arg)\n \t\treturn 0;\n \t}\n \n-\tstore = SSL_CTX_get_cert_store(s->ctx);\n+\tstore = SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s));\n \tif (ctx->peer_issuer) {\n \t\twpa_printf(MSG_DEBUG, \"OpenSSL: Add issuer\");\n \t\tdebug_dump_cert(\"OpenSSL: Issuer certificate\",\n@@ -1271,13 +1279,14 @@ static int ocsp_resp_cb(SSL *s, void *arg)\n \treturn 1;\n }\n \n+#if (OPENSSL_VERSION_NUMBER < 0x1010006fL)\n \n static SSL_METHOD patch_ssl_method;\n static const SSL_METHOD *real_ssl_method;\n \n static int curl_patch_ssl_new(SSL *s)\n {\n-\tSSL_CTX *ssl = s->ctx;\n+\tSSL_CTX *ssl = SSL_get_SSL_CTXs->ctx;\n \tint ret;\n \n \tssl->method = real_ssl_method;\n@@ -1288,6 +1297,7 @@ static int curl_patch_ssl_new(SSL *s)\n \n \treturn ret;\n }\n+#endif\n \n #endif /* HAVE_OCSP */\n \n@@ -1306,6 +1316,7 @@ static CURLcode curl_cb_ssl(CURL *curl, void *sslctx, void *parm)\n \t\tSSL_CTX_set_tlsext_status_cb(ssl, ocsp_resp_cb);\n \t\tSSL_CTX_set_tlsext_status_arg(ssl, ctx);\n \n+#if (OPENSSL_VERSION_NUMBER < 0x1010006fL)\n \t\t/*\n \t\t * Use a temporary SSL_METHOD to get a callback on SSL_new()\n \t\t * from libcurl since there is no proper callback registration\n@@ -1315,6 +1326,7 @@ static CURLcode curl_cb_ssl(CURL *curl, void *sslctx, void *parm)\n \t\tpatch_ssl_method.ssl_new = curl_patch_ssl_new;\n \t\treal_ssl_method = ssl->method;\n \t\tssl->method = &patch_ssl_method;\n+#endif\n \t}\n #endif /* HAVE_OCSP */\n \n@@ -1351,13 +1363,17 @@ static CURL * setup_curl_post(struct http_ctx *ctx, const char *address,\n #ifdef EAP_TLS_OPENSSL\n \t\tcurl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, curl_cb_ssl);\n \t\tcurl_easy_setopt(curl, CURLOPT_SSL_CTX_DATA, ctx);\n-#ifdef OPENSSL_IS_BORINGSSL\n+#if (defined OPENSSL_IS_BORINGSSL) || (OPENSSL_VERSION_NUMBER >= 0x1010006fL)\n \t\t/* For now, using the CURLOPT_SSL_VERIFYSTATUS option only\n \t\t * with BoringSSL since the OpenSSL specific callback hack to\n \t\t * enable OCSP is not available with BoringSSL. The OCSP\n \t\t * implementation within libcurl is not sufficient for the\n \t\t * Hotspot 2.0 OSU needs, so cannot use this with OpenSSL.\n \t\t */\n+\t\t/* Fedora-26 OpenSSL (0x1010006f) Lno longer has access\n+\t\t * to internals to do that hack, so enable the option for\n+\t\t * that as well. --Ben\n+\t\t */\n \t\tif (ctx->ocsp != NO_OCSP)\n \t\t\tcurl_easy_setopt(curl, CURLOPT_SSL_VERIFYSTATUS, 1L);\n #endif /* OPENSSL_IS_BORINGSSL */\n","prefixes":[]}