From: Jouni Malinen Date: Fri, 17 Nov 2017 18:30:37 +0000 (+0200) Subject: BoringSSL: Comment out SSL_set1_sigalgs_list() call X-Git-Tag: hostap_2_7~840 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b9dc63c261ffc32915eda403812fac11c20cb431;p=thirdparty%2Fhostap.git BoringSSL: Comment out SSL_set1_sigalgs_list() call It looks like BoringSSL claims to have OPENSSL_VERSION_NUMBER for a 1.1.0 version, but it does not provide SSL_set1_sigalgs_list(). For now, comment out this regardless of the version BoringSSL claims to be. Signed-off-by: Jouni Malinen --- diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index beca18d29..3f024840c 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -2499,12 +2499,14 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags) EC_KEY_free(ecdh); } if (flags & (TLS_CONN_SUITEB | TLS_CONN_SUITEB_NO_ECDH)) { +#ifndef OPENSSL_IS_BORINGSSL /* ECDSA+SHA384 if need to add EC support here */ if (SSL_set1_sigalgs_list(ssl, "RSA+SHA384") != 1) { wpa_printf(MSG_INFO, "OpenSSL: Failed to set Suite B sigalgs"); return -1; } +#endif /* OPENSSL_IS_BORINGSSL */ SSL_set_options(ssl, SSL_OP_NO_TLSv1); SSL_set_options(ssl, SSL_OP_NO_TLSv1_1);
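Review bot: In tls_set_conn_flags(), the new `#ifndef OPENSSL_IS_BORINGSSL` guard around the `SSL_set1_sigalgs_list(ssl, "RSA+SHA384")` call leaves BoringSSL builds with no replacement, so the `TLS_CONN_SUITEB | TLS_CONN_SUITEB_NO_ECDH` branch continues to the `SSL_set_options()` calls and reports success without any signature algorithm restriction applied. A caller requesting Suite B cannot tell that part of the policy was skipped. Consider adding an `#else` branch that at least emits a `wpa_printf(MSG_INFO, ...)` stating that the Suite B sigalgs restriction is not enforced with BoringSSL, or that returns -1 so the configuration fails closed until an equivalent is wired in. The commit message says "For now", so a short TODO comment next to the guard explaining why the call is disabled, and that the claimed OPENSSL_VERSION_NUMBER cannot be used to detect this, would help whoever revisits it.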