-
-
Notifications
You must be signed in to change notification settings - Fork 10k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
libopenssl-legacy not selected by default for hostapd-basic-openssl #15120
Comments
Invalid Version reported. |
Ah yes well, not exactly. Sorry. It's one commit ahead of main, but that's not touching any relevant files. |
Ah, libopenssl-legacy is required for the IDEA and SEED ciphers and MDC2 and WHIRLPOOL digests. |
I'm confused. The hostapd-basic-* variants are PSK-only. What ciphers exactly are provided by libopenssl-legacy that hostapd-basic-openssl strictly requires? Note that I use hostapd-basic-openssl on my devices and never had any issues whatsoever (with WPA2/WPA3-mixed and OWE). Additionally, from my .config…
… what am I missing? |
Huh, I'm confused as well. I tried it from a clean repository again now, deselected the default wpad-basic-mbedtls and selected hostapd-basic-openssl. This is my diffconfig:
(Also @nbd168 commit includes wpad-basic-openssl; why? If these ciphers/digests are not strictly required, why include wpad but not hostapd?) Edit: These are selected by default if SMALL_FLASH isn't set 🤔 |
Those are just defaults. I do my own builds and my configuration is heavily streamlined and reduced to the bare minimum. I can assure you, however, I never had any issues without those ciphers. And I just remembered that it was actually me who added the hostapd-basic-openssl variant (10e73b1), because, well… it's the one I personally use.
They are very likely enabled by default for other software that requires them, but certainly not hostapd-basic-openssl. |
Ah, that makes sense, thank you! I'll go ahead and try it out on mine as well.
Hm, but still: Why though? hostapd-basic-openssl is the only openssl variant that's not included, every other one is. Since wpad-basic-openssl also depends on them: Does wpa_supplicant need those? |
No idea. @nbd168? |
This is an interesting one, I am tempted to merge the PR to include it for |
Just my two cents, but maybe it'd be better to wait for nbd's reply? rsalvaterra is right, I've run it also with libopenssl-legacy omitted and didn't observe any obvious relevant authentication failures. Perhaps it's not required anymore and could be dropped from all other variants as well. |
No, please don't merge this. It's definitely not needed for this hostapd
variant.
A sábado, 1/06/2024, 14:51, icecream42 ***@***.***> escreveu:
… This is an interesting one, I am tempted to merge the PR to include it for
hostapd-basic-openssl as it makes no sense why its special
Just my two cents, but maybe it'd be better to wait for nbd's reply?
rsalvaterra is right, I've run it also with libopenssl-legacy omitted and
didn't observe any obvious relevant authentication failures. Perhaps it's
not required anymore and could be dropped from all other variants as well.
—
Reply to this email directly, view it on GitHub
<#15120 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ARUK3JE3QVEFUQCTOLPMWZLZFHGXPAVCNFSM6AAAAABF72GUOKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNBTGQ2TMNJVGI>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
Describe the bug
For the hostapd-basic-openssl variant libopenssl-legacy is not selected by default. According to this commit a lot of authentication modes fail without it.
depends for hostapd-basic-openssl
depends for other openssl variants
Is this intentioned or was the basic variant overlooked?
OpenWrt version
r25870+1-08639a5e47
OpenWrt release
SNAPSHOT
OpenWrt target/subtarget
ramips/mt7621
Device
D-Link DAP-X1860 A1
Image kind
Self-built image
Steps to reproduce
Actual behaviour
libopenssl-legacy is not selected as dependency
Expected behaviour
libopenssl-legacy is selected as dependency
Additional info
No response
Diffconfig
Terms
The text was updated successfully, but these errors were encountered: