[rpms/wpa_supplicant] rawhide: Build fixes for OpenSSL 4.0

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

* [rpms/wpa_supplicant] rawhide: Build fixes for OpenSSL 4.0
@ 2026-06-12 20:01 Simo Sorce
  0 siblings, 0 replies; only message in thread
From: Simo Sorce @ 2026-06-12 20:01 UTC (permalink / raw)
  To: git-commits

            A new commit has been pushed.

            Repo   : rpms/wpa_supplicant
            Branch : rawhide
            Commit : 9b2bcc8f889f1a1d368fc392aa03740a5f2a4826
            Author : Simo Sorce <simo@redhat.com>
            Date   : 2026-04-28T19:13:42-04:00
            Stats  : +92/-5 in 2 file(s)
            URL    : https://src.fedoraproject.org/rpms/wpa_supplicant/c/9b2bcc8f889f1a1d368fc392aa03740a5f2a4826?branch=rawhide

            Log:
            Build fixes for OpenSSL 4.0

Signed-off-by: Simo Sorce <simo@redhat.com>

---
diff --git a/0001-Use-OpenSSL-ASN1_STRING-accessors.patch b/0001-Use-OpenSSL-ASN1_STRING-accessors.patch
new file mode 100644
index 0000000..4553ebb
--- /dev/null
+++ b/0001-Use-OpenSSL-ASN1_STRING-accessors.patch
@@ -0,0 +1,83 @@
+From 02487437b1e01cdb25c2fb0de1d353d47621fe65 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Tue, 28 Apr 2026 19:11:40 -0400
+Subject: [PATCH] Use OpenSSL ASN1_STRING accessors
+
+Replace direct access to the data and length fields of ASN1_STRING structures
+with the ASN1_STRING_get0_data() and ASN1_STRING_length() accessor functions.
+This is necessary because OpenSSL made these structures opaque in newer
+versions, preventing direct field access and causing compilation errors.
+
+Co-authored-by: Gemini <gemini@google.com>
+Signed-off-by: Simo Sorce <simo@redhat.com>
+---
+ src/crypto/tls_openssl.c | 25 ++++++++++++++-----------
+ 1 file changed, 14 insertions(+), 11 deletions(-)
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index a77d5e9..114b5b8 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -2019,8 +2019,8 @@ static int tls_match_altsubject_component(X509 *cert, int type,
+ 		gen = sk_GENERAL_NAME_value(ext, i);
+ 		if (gen->type != type)
+ 			continue;
+-		if (os_strlen((char *) gen->d.ia5->data) == len &&
+-		    os_memcmp(value, gen->d.ia5->data, len) == 0)
++		if (os_strlen((char *) ASN1_STRING_get0_data(gen->d.ia5)) == len &&
++		    os_memcmp(value, ASN1_STRING_get0_data(gen->d.ia5), len) == 0)
+ 			found++;
+ 	}
+ 
+@@ -2341,10 +2341,10 @@ static int tls_match_suffix_helper(X509 *cert, const char *match,
+ 			continue;
+ 		dns_name++;
+ 		wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate dNSName",
+-				  gen->d.dNSName->data,
+-				  gen->d.dNSName->length);
+-		if (domain_suffix_match(gen->d.dNSName->data,
+-					gen->d.dNSName->length,
++				  ASN1_STRING_get0_data(gen->d.dNSName),
++				  ASN1_STRING_length(gen->d.dNSName));
++		if (domain_suffix_match(ASN1_STRING_get0_data(gen->d.dNSName),
++					ASN1_STRING_length(gen->d.dNSName),
+ 					match, match_len, full) == 1) {
+ 			wpa_printf(MSG_DEBUG, "TLS: %s in dNSName found",
+ 				   full ? "Match" : "Suffix match");
+@@ -2375,8 +2375,10 @@ static int tls_match_suffix_helper(X509 *cert, const char *match,
+ 		if (cn == NULL)
+ 			continue;
+ 		wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate commonName",
+-				  cn->data, cn->length);
+-		if (domain_suffix_match(cn->data, cn->length,
++				  ASN1_STRING_get0_data(cn),
++				  ASN1_STRING_length(cn));
++		if (domain_suffix_match(ASN1_STRING_get0_data(cn),
++					ASN1_STRING_length(cn),
+ 					match, match_len, full) == 1) {
+ 			wpa_printf(MSG_DEBUG, "TLS: %s in commonName found",
+ 				   full ? "Match" : "Suffix match");
+@@ -2585,7 +2587,7 @@ static void openssl_tls_cert_event(struct tls_connection *conn,
+ 		    gen->type != GEN_URI)
+ 			continue;
+ 
+-		pos = os_malloc(10 + gen->d.ia5->length + 1);
++		pos = os_malloc(10 + ASN1_STRING_length(gen->d.ia5) + 1);
+ 		if (pos == NULL)
+ 			break;
+ 		altsubject[num_altsubject++] = pos;
+@@ -2605,8 +2607,9 @@ static void openssl_tls_cert_event(struct tls_connection *conn,
+ 			break;
+ 		}
+ 
+-		os_memcpy(pos, gen->d.ia5->data, gen->d.ia5->length);
+-		pos += gen->d.ia5->length;
++		os_memcpy(pos, ASN1_STRING_get0_data(gen->d.ia5),
++			  ASN1_STRING_length(gen->d.ia5));
++		pos += ASN1_STRING_length(gen->d.ia5);
+ 		*pos = '\0';
+ 	}
+ 	sk_GENERAL_NAME_pop_free(ext, GENERAL_NAME_free);
+-- 
+2.53.0
+

diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec
index 854d5c2..e862423 100644
--- a/wpa_supplicant.spec
+++ b/wpa_supplicant.spec
@@ -9,7 +9,7 @@ Summary: WPA/WPA2/IEEE 802.1X Supplicant
 Name: wpa_supplicant
 Epoch: 1
 Version: 2.11
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: BSD-3-Clause
 Source0: http://w1.fi/releases/%{name}-%{version}.tar.gz
 Source1: wpa_supplicant.conf
@@ -51,6 +51,8 @@ Patch11: wpa_supplicant-Send-signal-change-as-debug-msg.patch
 Patch12: wpa_supplicant-OpenSSL-Use-pkcs11-provider-when-OPENSSL_NO_ENGINE-i.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2439303
 Patch13: wpa_supplicant-OpenSSL-Support-PEM-encoded-chain-from-ca_cert-blob.patch
+# OpenSSL 4.0 build fixes
+Patch14: 0001-Use-OpenSSL-ASN1_STRING-accessors.patch
 
 URL: http://w1.fi/wpa_supplicant/
 
@@ -64,14 +66,14 @@ BuildRequires: libnl3-devel
 BuildRequires: systemd-units
 BuildRequires: docbook-utils
 BuildRequires: gcc
-%if 0%{?fedora} >= 41
+%if 0%{?fedora} >= 41 && 0%{?fedora} < 45
 BuildRequires: openssl-devel-engine
 %endif
 Requires(post): systemd-sysv
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
-%if 0%{?rhel} >= 10
+%if 0%{?rhel} >= 10 || 0%{?fedora} >= 45
 Requires: pkcs11-provider >= 1.0
 %endif
 
@@ -108,7 +110,7 @@ Graphical User Interface for wpa_supplicant written using QT
 pushd wpa_supplicant
   cp defconfig .config
   export CFLAGS="${CFLAGS:-%optflags} -fPIE -DPIE"
-%if 0%{?rhel} >= 10
+%if 0%{?rhel} >= 10 || 0%{?fedora} >= 45
   export CFLAGS="$CFLAGS -DOPENSSL_NO_ENGINE"
 %endif
   export CXXFLAGS="${CXXFLAGS:-%optflags} -fPIE -DPIE"
@@ -221,6 +223,9 @@ chmod -R 0644 wpa_supplicant/examples/*.py
 
 
 %changelog
+* Tue Apr 28 2026 Simo Sorce <simo@redhat.com> - 1:2.11-11
+- Build fixes for OpenSSL 4.0
+
 * Thu Feb 12 2026 Beniamino Galvani <bgalvani@redhat.com> - 1:2.11-10
 - Fix loading multiple certificates from the ca_cert blob (#2439303)
 
@@ -892,4 +897,3 @@ chmod -R 0644 wpa_supplicant/examples/*.py
 
 * Mon Dec 20 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-1
 - Initial RPM release.
-

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-06-12 20:01 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-12 20:01 [rpms/wpa_supplicant] rawhide: Build fixes for OpenSSL 4.0 Simo Sorce

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox