On Tue, Nov 28, 2017 at 03:15:06PM -0800, Josh Triplett wrote: > On Wed, Nov 29, 2017 at 12:05:35AM +0100, Kurt Roeckx wrote: > > On Tue, Nov 28, 2017 at 02:12:07PM -0800, Josh Triplett wrote: > > > Package: libssl1.1 > > > Version: 1.1.0g-2 > > > Severity: important > > > Tags: upstream > > > > > > See https://github.com/openssl/openssl/issues/3594 ; current OpenSSL > > > breaks compatibility with the hook mechanism that wpa_supplicant used to > > > provide the passphrase for PEM keys. The net result is this: > > > > My understanding from reading that bug is that wpa supplicant > > would fix it? > > wpasupplicant can't necessarily fix this upstream, because the fix would > break on older OpenSSL. However, Debian could potentially patch > wpasupplicant if we're only ever going to build against the newer > OpenSSL.
As far as I understand it, upstream wpa could do two things: - Set it in the SSL_CTX before creating the SSL instead of after - Set it it both the SSL_CTX and SSL Kurt
