Bug with OpenSSL engine initialization in tls_engine_load_dynamic_generic

David Woodhouse dwmw2 at infradead.org
Mon Jun 6 06:09:29 PDT 2016


On Mon, 2016-06-06 at 14:56 +0200, Michael Schaller wrote:
> Thank you for the input, David. I'll discuss the issue with my
> colleague Mike Gerow and we will probably switch to using p11-kit.
> When it comes to WPA Supplicant itself do you think that manually
> specifying the pkcs11 engine and module path should be
> deprecated/removed?

Deprecated, yes. But there'll be a long tail of legacy installations
(and distributions which aren't keeping up with the times) before we
can actually *remove* the support.

I'm not entirely sure about OS X either. It's perfectly reasonable to
assume p11-kit on any Linux distribution, but perhaps OSX still wants
to do its own thing? (And do we even have an engine or PKCS#11 module
that accesses the OSX keychain...?)

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5760 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20160606/3413d42c/attachment.bin>


More information about the Hostap mailing list