Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

BoringSSL: Comment out SSL_build_cert_chain() call

It looks like BoringSSL does include that function even though it claims
support for OPENSSL_VERSION_NUMBER where this is available (1.0.2). For
now, comment out that call to fix build.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 9 years ago
parent
812f28b79c
commit
226cdea6ca
1 changed files with 2 additions and 0 deletions
Split View Show Diff Stats
  1. 2 0
      src/crypto/tls_openssl.c

+ 2 - 0
src/crypto/tls_openssl.c
View File 

@@ -2125,6 +2125,7 @@ static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
 
 			}
 
 		}
 
 		sk_X509_free(certs);
 
+#ifndef OPENSSL_IS_BORINGSSL
 
 		res = SSL_build_cert_chain(ssl,
 
 					   SSL_BUILD_CHAIN_FLAG_CHECK |
 
 					   SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR);
 
@@ -2135,6 +2136,7 @@ static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
 
 			wpa_printf(MSG_DEBUG,
 
 				   "TLS: Ignore certificate chain verification error when building chain with PKCS#12 extra certificates");
 
 		}
 
+#endif /* OPENSSL_IS_BORINGSSL */
 
 		/*
 
 		 * Try to continue regardless of result since it is possible for
 
 		 * the extra certificates not to be required.