On 2023/10/05 17:19, haywirrr wrote: > > > > > > Sent with Proton Mail secure email. > > ------- Original Message ------- > On Thursday, October 5th, 2023 at 8:51 AM, Stuart Henderson > <[email protected]> wrote: > > > > On 2023/10/05 13:09, haywirrr wrote: > > > > > oports# ldconfig -r | head > > > /var/run/ld.so.hints: > > > search directories: /usr/lib > > > 0:-lexecinfo.3.0 => /usr/lib/libexecinfo.so.3.0 > > > 1:-lfido2.7.0 => /usr/lib/libfido2.so.7.0 > > > 2:-lcbor.2.0 => /usr/lib/libcbor.so.2.0 > > > 3:-lform.6.0 => /usr/lib/libform.so.6.0 > > > 4:-lformw.6.0 => /usr/lib/libformw.so.6.0 > > > 5:-lagentx.1.1 => /usr/lib/libagentx.so.1.1 > > > 6:-liberty.12.0 => /usr/lib/libiberty.so.12.0 > > > 7:-lm.10.1 => /usr/lib/libm.so.10.1 > > > > > > Something about your installation is nonstandard because /etc/rc should > > be adding /usr/local/lib and /usr/X11R6/lib to the search path (see > > around line 617), that is responsible for wpa_supplicant not finding > > libpcsclite, and will break most other packages too. > > Hi Stuart, > > This installation is indeed standard, this is actually a virtual > machine created for testing this exact issue. I installed 7.3 from > the image file, along with all of the sets. From there, I immediately > upgraded to a snapshot, rebooted and pulled a fresh copy of the ports. > I updated the ports using CVS and then built wpa_supplicant with your > Makefile patch. > > After rebooting the virtual machine, all of the correct paths were > listed on the testing VM, though I am not clear on what caused the > issue in the first place. In any event, following the reboot I was able > to run wpa_supplicant without receiving the error message.
No idea what's going on there then. /usr/local/lib is included in the baseXX.tgz sets so there's no reason for /etc/rc calling ldconfig to fail from a default install. Perhaps something is visible in dmesg -s. I've not seen that here. > Unfortunately, I hit another snag when attempting to perform the 802.1X > authentication using the OpenSSL 3.1 flavor of wpa_supplicant: > > SSL routines::unsafe legacy renegotiation disabled > > Some research led me to manually apply the patch below and now, > wpa_supplicant stalls after loading the certificates, which prevents > authentication from completing. I then adjusted your Makefile patch to > use OpenSSL 1.1, re-compiled, packaged and reinstalled wpa_supplicant. > I then rebooted (to be safe) and tested the new OpenSSL 1.1 flavor of > wpa_supplicant and I was finally able to complete the 802.1X > authentication process. At least now I have a way forward when 7.4 is > released, thank you very much for your assistance. > > I am not sure if this is the most appropriate place to ask this but > is it possible to make the OpenSSL flavors of wpa_supplicant > available as binary packages in the official repositories? > > Thanks again for all of your help! > > OpenSSL 3 wpa_supplicant patch reference: > https://gitlab.archlinux.org/bryango/wpa_supplicant/-/blob/2-2.10-8/wpa_supplicant-legacy-server-connect.patch hmm - it's not ideal to use OpenSSL 1.1 any more because security updates from the old branches are now only available to paying customers... There could well be something else in the changes between wpa_supplicant 2.9 and 2.10 that will help with OpenSSL 3.x, but there have been other changes which mean that src/drivers/driver_openbsd.c no longer compiles, and I don't know how to fix that.
