diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 00000000..34bf3d39
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "openssl"]
+ path = openssl
+ url = https://github.com/openssl/openssl
diff --git a/build.sh b/build.sh
new file mode 100755
index 00000000..b485acc7
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+echo "[*] Downloading OpenSSL..."
+git submodule init
+git submodule update
+
+echo "[*] Building OpenSSL..."
+cd openssl
+./config --prefix=$(pwd)/local enable-ssl2 enable-ssl3 enable-ssl3-method enable-des enable-rc4 enable-weak-ssl-ciphers no-shared
+make
+make install_sw
+cd ..
+
+echo "[*] Building hostapd-mana..."
+cd hostapd
+make
+cd ..
+
+echo "[+] Done!"
diff --git a/hostapd/.config b/hostapd/.config
index 00e39dea..680d8b76 100644
--- a/hostapd/.config
+++ b/hostapd/.config
@@ -9,6 +9,9 @@
 # be modified from here. In most cass, these lines should use += in order not
 # to override previous values of the variables.
+# Use local OpenSSL library
+CONFIG_OPENSSL=y
+
 # Driver interface for Host AP driver
 CONFIG_DRIVER_HOSTAP=y
@@ -26,6 +29,8 @@ CONFIG_DRIVER_NL80211=y
 #
 #CFLAGS += -I$
 #LIBS += -L$
+LIBS += -L../openssl/local/lib/
+CFLAGS += -I../openssl/local/include/
 # Use libnl v2.0 (or 3.0) libraries.
 #CONFIG_LIBNL20=y
diff --git a/hostapd/.gitignore b/hostapd/.gitignore
new file mode 100644
index 00000000..3945e392
--- /dev/null
+++ b/hostapd/.gitignore
@@ -0,0 +1,4 @@
+hostapd
+hostapd_cli
+*.o
+*.d
diff --git a/hostapd/Makefile b/hostapd/Makefile
index 955805d7..70a2d4d6 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -29,6 +29,11 @@ export BINDIR ?= /usr/local/bin/
 -include .config
+ifdef CONFIG_OPENSSL
+LIBS += -Wl,-rpath=../openssl/local/lib
+LIBS += -lpthread
+endif
+
 ifndef CONFIG_NO_GITVER
 # Add VERSION_STR postfix for builds from a git repository
 ifeq ($(wildcard ../.git),../.git)
diff --git a/hostapd/defconfig b/hostapd/defconfig
index 82bc781c..75f55f72 100644
--- a/hostapd/defconfig
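Review bot: build.sh has no `set -e`, so a failed `git submodule update`, `cd openssl` or `make` does not stop the script; the later commands run in whatever directory the shell is left in and the script still prints `[+] Done!`. Add `set -eu` directly after the shebang so the build aborts at the first failing step. `--prefix=$(pwd)/local` is unquoted and breaks when the checkout path contains spaces; write `--prefix="$(pwd)/local"`. The `./config` line also enables `enable-ssl2 enable-ssl3 enable-weak-ssl-ciphers`, so a comment above it should state that this library is built only for this tool and must not be installed system-wide or linked by other software.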
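Review bot: In hostapd/Makefile, `-Wl,-rpath=../openssl/local/lib` records a relative run-time library search path, which the dynamic loader resolves against the process's current working directory rather than the location of the binary. hostapd is normally started with root privileges, so the set of directories searched for shared libraries then depends on where it is launched from, which is an untrusted-search-path risk. build.sh configures OpenSSL with `no-shared`, so the static archives are linked and the rpath looks unnecessary; drop that line, or if a shared build has to be supported use `LIBS += -Wl,-rpath,'$$ORIGIN/../openssl/local/lib'`. The `ifdef CONFIG_OPENSSL` block is complete within the hunk.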
+++ b/hostapd/defconfig
@@ -9,6 +9,9 @@
 # be modified from here. In most cass, these lines should use += in order not
 # to override previous values of the variables.
+# Use local OpenSSL library
+CONFIG_OPENSSL=y
+
 # Driver interface for Host AP driver
 CONFIG_DRIVER_HOSTAP=y
@@ -26,6 +29,8 @@ CONFIG_DRIVER_NL80211=y
 #
 #CFLAGS += -I$
 #LIBS += -L$
+LIBS += -L../openssl/local/lib/
+CFLAGS += -I../openssl/local/include/
 # Use libnl v2.0 (or 3.0) libraries.
 #CONFIG_LIBNL20=y
diff --git a/openssl b/openssl
new file mode 160000
index 00000000..50eaac9f
--- /dev/null
+++ b/openssl
@@ -0,0 +1 @@
+Subproject commit 50eaac9f3337667259de725451f201e784599687
diff --git a/src/.gitignore b/src/.gitignore
new file mode 100644
index 00000000..2dccb836
--- /dev/null
+++ b/src/.gitignore
@@ -0,0 +1,2 @@
+**.o
+**.d
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index a8efe552..b3067faa 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -970,8 +970,8 @@ void * tls_init(const struct tls_config *conf)
 if (conf) data->tls_session_lifetime = conf->tls_session_lifetime;
- SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
- SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
+ //SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
+ //SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
 SSL_CTX_set_info_callback(ssl, ssl_info_cb);
 SSL_CTX_set_app_data(ssl, context);
@@ -1350,8 +1350,9 @@ struct tls_connection * tls_connection_init(void *ssl_ctx)
 SSL_set_app_data(conn->ssl, conn);
 SSL_set_msg_callback(conn->ssl, tls_msg_cb);
 SSL_set_msg_callback_arg(conn->ssl, conn);
- options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
- SSL_OP_SINGLE_DH_USE;
+ //options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
+ // SSL_OP_SINGLE_DH_USE;
+ options = SSL_OP_SINGLE_DH_USE;
 #ifdef SSL_OP_NO_COMPRESSION
 options |= SSL_OP_NO_COMPRESSION;
 #endif /* SSL_OP_NO_COMPRESSION */
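Review bot: In `tls_init` the `SSL_OP_NO_SSLv2` and `SSL_OP_NO_SSLv3` calls are disabled unconditionally by commenting them out, so every build of this file, including one linked against a system OpenSSL, stops refusing SSLv2/SSLv3 wherever the linked library still supports them, and nothing in the code says why. The second hunk in `tls_connection_init` has the same problem and also leaves the old `options` assignment behind as a comment. Keep the original statements and wrap them in a build-time guard such as `#ifndef ALLOW_LEGACY_SSL_PLACEHOLDER` … `#endif` (placeholder name), defined only by the local-OpenSSL build, with a one-line comment stating that the legacy protocol versions are permitted deliberately for this tool. Both function bodies start and end outside the hunks.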