git.ipfire.org Git - thirdparty/hostap.git/commit
OpenSSL: Use pkcs11-provider when OPENSSL_NO_ENGINE is defined
author Davide Caratti <davide.caratti@gmail.com>
Wed, 15 Jan 2025 17:04:54 +0000 (18:04 +0100)
committer Jouni Malinen <j@w1.fi>
Sun, 2 Feb 2025 15:49:53 +0000 (17:49 +0200)
commit 400b89162294f0344d82334218e8950fd01bb12f
tree f303329dd0e83a966498da2bcad07904ac96120a
parent 85851d1dcdb149f8341a52037beeb9c14d7f6cc8
OpenSSL: Use pkcs11-provider when OPENSSL_NO_ENGINE is defined

Now that the ENGINE API starts being deprecated in distros (like Fedora
[1]), wpa_supplicant users might need a way to load certificates and keys
from PKCS11 URIs even when OPENSSL_NO_ENGINE is defined. We can do that
using pkcs11-provider: load it by default in wpa_supplicant, and try to use
it when OPENSSL_NO_ENGINE is defined and the configuration requests PKCS11
URIs for certificates / keys.

Inspired by pkcs11-provider test program 'tlssetkey.c' [2]

[1] https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine
[2] https://github.com/latchset/pkcs11-provider/blob/main/tests/tlssetkey.c

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
src/crypto/tls_openssl.c