rpms/wpa_supplicant/F-8 wpa_supplicant-0.5.7-use-IW_ENCODE_TEMP.patch, NONE, 1.1 wpa_supplicant-0.5.7-ignore-dup-ca-cert-addition.patch, 1.1, 1.2 wpa_supplicant.spec, 1.36, 1.37
Daniel Williams (dcbw)
fedora-extras-commits at redhat.com
Tue Nov 13 16:26:30 UTC 2007
Author: dcbw
Update of /cvs/extras/rpms/wpa_supplicant/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv553
Modified Files:
wpa_supplicant-0.5.7-ignore-dup-ca-cert-addition.patch
wpa_supplicant.spec
Added Files:
wpa_supplicant-0.5.7-use-IW_ENCODE_TEMP.patch
Log Message:
* Tue Nov 13 2007 Dan Williams <dcbw at redhat.com> - 0.5.7-16
- Add IW_ENCODE_TEMP patch for airo driver and Dynamic WEP
- Fix error in wpa_supplicant-0.5.7-ignore-dup-ca-cert-addition.patch that
caused the last error to not be printed
- Fix wpa_supplicant-0.5.7-ignore-dup-ca-cert-addition.patch to ignore
duplicate cert additions for all certs and keys
- Change license to BSD due to linkage against OpenSSL since there is no
OpenSSL exception in the GPLv2 license text that upstream ships
wpa_supplicant-0.5.7-use-IW_ENCODE_TEMP.patch:
--- NEW FILE wpa_supplicant-0.5.7-use-IW_ENCODE_TEMP.patch ---
Index: wpa_supplicant-0.4.8/driver_wext.c
===================================================================
--- wpa_supplicant-0.4.8.orig/driver_wext.c 2006-07-13 11:23:05.000000000 +0200
+++ wpa_supplicant-0.4.8/driver_wext.c 2006-07-13 11:23:57.000000000 +0200
@@ -1280,6 +1280,7 @@ static int wpa_driver_wext_set_key_ext(v
memset(&iwr, 0, sizeof(iwr));
strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
iwr.u.encoding.flags = key_idx + 1;
+ iwr.u.encoding.flags |= IW_ENCODE_TEMP;
if (alg == WPA_ALG_NONE)
iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
iwr.u.encoding.pointer = (caddr_t) ext;
@@ -1401,6 +1402,7 @@ int wpa_driver_wext_set_key(void *priv,
memset(&iwr, 0, sizeof(iwr));
strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
iwr.u.encoding.flags = key_idx + 1;
+ iwr.u.encoding.flags |= IW_ENCODE_TEMP;
if (alg == WPA_ALG_NONE)
iwr.u.encoding.flags |= IW_ENCODE_DISABLED;
iwr.u.encoding.pointer = (caddr_t) key;
@@ -1415,6 +1417,7 @@ int wpa_driver_wext_set_key(void *priv,
memset(&iwr, 0, sizeof(iwr));
strncpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
iwr.u.encoding.flags = key_idx + 1;
+ iwr.u.encoding.flags |= IW_ENCODE_TEMP;
iwr.u.encoding.pointer = (caddr_t) NULL;
iwr.u.encoding.length = 0;
if (ioctl(drv->ioctl_sock, SIOCSIWENCODE, &iwr) < 0) {
wpa_supplicant-0.5.7-ignore-dup-ca-cert-addition.patch:
Index: wpa_supplicant-0.5.7-ignore-dup-ca-cert-addition.patch
===================================================================
RCS file: /cvs/extras/rpms/wpa_supplicant/F-8/wpa_supplicant-0.5.7-ignore-dup-ca-cert-addition.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- wpa_supplicant-0.5.7-ignore-dup-ca-cert-addition.patch 28 Oct 2007 04:12:11 -0000 1.1
+++ wpa_supplicant-0.5.7-ignore-dup-ca-cert-addition.patch 13 Nov 2007 16:26:25 -0000 1.2
@@ -1,22 +1,155 @@
-diff -up wpa_supplicant-0.5.7/tls_openssl.c.ignore-dup-ca-cert wpa_supplicant-0.5.7/tls_openssl.c
---- wpa_supplicant-0.5.7/tls_openssl.c.ignore-dup-ca-cert 2007-10-27 23:20:13.000000000 -0400
-+++ wpa_supplicant-0.5.7/tls_openssl.c 2007-10-27 23:20:57.000000000 -0400
-@@ -1105,11 +1105,13 @@ static int tls_connection_ca_cert(void *
+diff -up wpa_supplicant-0.5.7/tls_openssl.c.ignore-dup-ca-cert-addition wpa_supplicant-0.5.7/tls_openssl.c
+--- wpa_supplicant-0.5.7/tls_openssl.c.ignore-dup-ca-cert-addition 2006-11-29 23:50:28.000000000 -0500
++++ wpa_supplicant-0.5.7/tls_openssl.c 2007-11-13 11:19:30.000000000 -0500
+@@ -1105,11 +1105,21 @@ static int tls_connection_ca_cert(void *
}
if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
-- tls_show_errors(MSG_WARNING, __func__,
-- "Failed to add ca_cert_blob to "
-- "certificate store");
++ unsigned long err = ERR_peek_error();
++
+ tls_show_errors(MSG_WARNING, __func__,
+ "Failed to add ca_cert_blob to "
+ "certificate store");
- X509_free(cert);
- return -1;
-+ if (ERR_get_error() != X509_R_CERT_ALREADY_IN_HASH_TABLE) {
-+ tls_show_errors(MSG_WARNING, __func__,
-+ "Failed to add ca_cert_blob to "
-+ "certificate store");
++
++ if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
++ ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
++ wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
++ "cert already in hash table error",
++ __func__);
++ } else {
+ X509_free(cert);
+ return -1;
+ }
}
X509_free(cert);
wpa_printf(MSG_DEBUG, "OpenSSL: %s - added ca_cert_blob "
+@@ -1259,15 +1269,28 @@ static int tls_connection_client_cert(st
+ if (client_cert == NULL && client_cert_blob == NULL)
+ return 0;
+
+- if (client_cert_blob &&
+- SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
++ if (client_cert_blob) {
++ if (SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
+ client_cert_blob_len) == 1) {
+- wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1 --> "
+- "OK");
+- return 0;
+- } else if (client_cert_blob) {
+- tls_show_errors(MSG_DEBUG, __func__,
+- "SSL_use_certificate_ASN1 failed");
++ wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1"
++ " --> OK");
++ return 0;
++ } else {
++ unsigned long err = ERR_peek_error();
++
++ if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
++ ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
++ wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
++ "cert already in hash table error",
++ __func__);
++ wpa_printf(MSG_DEBUG, "OpenSSL: "
++ "SSL_use_certificate_ASN1 --> OK");
++ return 0;
++ }
++
++ tls_show_errors(MSG_DEBUG, __func__,
++ "SSL_use_certificate_ASN1 failed");
++ }
+ }
+
+ if (client_cert == NULL)
+@@ -1515,40 +1538,73 @@ static int tls_connection_private_key(vo
+ while (private_key_blob) {
+ if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl,
+ (u8 *) private_key_blob,
+- private_key_blob_len) == 1) {
+- wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
+- "ASN1(EVP_PKEY_RSA) --> OK");
+- ok = 1;
+- break;
+- } else {
++ private_key_blob_len) != 1) {
++ unsigned long err = ERR_peek_error();
++
+ tls_show_errors(MSG_DEBUG, __func__,
+ "SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA)"
+ " failed");
++ if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
++ ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
++ wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
++ "cert already in hash table error",
++ __func__);
++ ok = 1;
++ }
++ } else
++ ok = 1;
++
++ if (ok == 1) {
++ wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
++ "ASN1(EVP_PKEY_RSA) --> OK");
++ break;
+ }
+
+ if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl,
+ (u8 *) private_key_blob,
+- private_key_blob_len) == 1) {
+- wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
+- "ASN1(EVP_PKEY_DSA) --> OK");
+- ok = 1;
+- break;
+- } else {
++ private_key_blob_len) != 1) {
++ unsigned long err = ERR_peek_error();
++
+ tls_show_errors(MSG_DEBUG, __func__,
+ "SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA)"
+ " failed");
++ if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
++ ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
++ wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
++ "cert already in hash table error",
++ __func__);
++ ok = 1;
++ }
++ } else
++ ok = 1;
++
++ if (ok == 1) {
++ wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
++ "ASN1(EVP_PKEY_DSA) --> OK");
++ break;
+ }
+
+ if (SSL_use_RSAPrivateKey_ASN1(conn->ssl,
+ (u8 *) private_key_blob,
+- private_key_blob_len) == 1) {
++ private_key_blob_len) != 1) {
++ unsigned long err = ERR_peek_error();
++
++ tls_show_errors(MSG_DEBUG, __func__,
++ "SSL_use_RSAPrivateKey_ASN1 failed");
++ if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
++ ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
++ wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
++ "cert already in hash table error",
++ __func__);
++ ok = 1;
++ }
++ } else
++ ok = 1;
++
++ if (ok == 1) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: "
+ "SSL_use_RSAPrivateKey_ASN1 --> OK");
+- ok = 1;
+ break;
+- } else {
+- tls_show_errors(MSG_DEBUG, __func__,
+- "SSL_use_RSAPrivateKey_ASN1 failed");
+ }
+
+ if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob,
Index: wpa_supplicant.spec
===================================================================
RCS file: /cvs/extras/rpms/wpa_supplicant/F-8/wpa_supplicant.spec,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- wpa_supplicant.spec 28 Oct 2007 05:03:40 -0000 1.36
+++ wpa_supplicant.spec 13 Nov 2007 16:26:25 -0000 1.37
@@ -2,8 +2,8 @@
Name: wpa_supplicant
Epoch: 1
Version: 0.5.7
-Release: 15%{?dist}
-License: GPLv2
+Release: 16%{?dist}
+License: BSD
Group: System Environment/Base
Source0: http://hostap.epitest.fi/releases/%{name}-%{version}.tar.gz
Source1: %{name}.config
@@ -27,6 +27,7 @@
Patch11: wpa_supplicant-0.5.7-dbus-permissions-fix.patch
Patch12: wpa_supplicant-0.5.7-ignore-dup-ca-cert-addition.patch
Patch13: wpa_supplicant-0.5.7-fix-dynamic-wep-with-mac80211.patch
+Patch14: wpa_supplicant-0.5.7-use-IW_ENCODE_TEMP.patch
URL: http://w1.fi/wpa_supplicant/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -67,6 +68,7 @@
%patch11 -p1 -b .dbus-permissions-fix
%patch12 -p1 -b .ignore-dup-ca-cert-addition
%patch13 -p1 -b .fix-dynamic-wep-with-mac80211
+%patch14 -p1 -b .use-IW_ENCODE_TEMP
%build
cp %{SOURCE1} ./.config
@@ -152,6 +154,15 @@
%{_bindir}/wpa_gui
%changelog
+* Tue Nov 13 2007 Dan Williams <dcbw at redhat.com> - 0.5.7-16
+- Add IW_ENCODE_TEMP patch for airo driver and Dynamic WEP
+- Fix error in wpa_supplicant-0.5.7-ignore-dup-ca-cert-addition.patch that
+ caused the last error to not be printed
+- Fix wpa_supplicant-0.5.7-ignore-dup-ca-cert-addition.patch to ignore
+ duplicate cert additions for all certs and keys
+- Change license to BSD due to linkage against OpenSSL since there is no
+ OpenSSL exception in the GPLv2 license text that upstream ships
+
* Sun Oct 28 2007 Dan Williams <dcbw at redhat.com> - 0.5.7-15
- Fix Dynamic WEP associations with mac80211-based drivers
More information about the scm-commits
mailing list