On 2023/10/03 21:15, Stuart Henderson wrote: > On 2023/10/03 19:17, haywirrr wrote: > > It would seem that the latest snapshot version of wpa_supplicant was > > compiled using a version of LibreSSL that does not support TLS 1.0. > > While this doesn't surprise me, my ISP requires 802.1X authentication > > and only TLS 1.0 is available. > > > > I attempted to build wpa_supplicant from ports using LibreSSL 3.7.3 > > but I am running into build errors along the way. I am hoping that > > someone may be able to point me in the right direction in terms of > > the correct compilation flags, or perhaps suggest a different 802.1X > > client. > > OpenBSD only uses the standard version of LibreSSL from the base > OS, which no longer allows setting TLS 1.0 or 1.1. > > You could try this, which allows building with OpenSSL instead. > Set "FLAVOR=openssl" on the command line when building (e.g. > 'pkg_delete wpa_supplicant; FLAVOR=openssl make install').
oops, rpath also needed, new diff Index: Makefile =================================================================== RCS file: /cvs/ports/security/wpa_supplicant/Makefile,v retrieving revision 1.53 diff -u -p -r1.53 Makefile --- Makefile 27 Sep 2023 16:34:38 -0000 1.53 +++ Makefile 3 Oct 2023 20:48:14 -0000 @@ -1,7 +1,7 @@ COMMENT= IEEE 802.1X supplicant DISTNAME= wpa_supplicant-2.9 -REVISION= 2 +REVISION= 3 CATEGORIES= security net HOMEPAGE= https://w1.fi/wpa_supplicant/ @@ -9,7 +9,7 @@ HOMEPAGE= https://w1.fi/wpa_supplicant/ # BSD PERMIT_PACKAGE= Yes -WANTLIB += c ssl crypto pcap pcsclite pthread +WANTLIB += c pcap pcsclite pthread LIB_DEPENDS= security/pcsc-lite @@ -18,7 +18,24 @@ SITES= https://w1.fi/releases/ USE_GMAKE= Yes NO_TEST= Yes MAKE_FLAGS= V=1 -MAKE_ENV= CFLAGS="${CFLAGS}" CC="${CC}" +MAKE_ENV= CC="${CC}" \ + CFLAGS="${CFLAGS}" \ + LIBS="-L${LOCALBASE}/lib ${LIBS}" + +FLAVORS= openssl +FLAVOR?= + +CFLAGS+= -I${LOCALBASE}/include/PCSC + +.if ${FLAVOR:Mopenssl} +LIB_DEPENDS += security/openssl/3.1 +CFLAGS += -Wno-deprecated-declarations -I${LOCALBASE}/include/eopenssl31 +LIBS += -Wl,-rpath ${LOCALBASE}/lib/eopenssl31 -L${LOCALBASE}/lib/eopenssl31 +# -lssl -lcrypto +WANTLIB += lib/eopenssl31/crypto lib/eopenssl31/ssl +.else +WANTLIB += crypto ssl +.endif WRKSRC= ${WRKDIST}/wpa_supplicant
