[PATCH] Fix eapol_test build against OpenSSL 3

Jouni Malinen j at w1.fi
Sat Dec 16 08:33:34 PST 2023


On Wed, Dec 13, 2023 at 12:33:38AM +0100, Jouke Witteveen wrote:
> eapol_test uses the ENGINE API of OpenSSL, which has been deprecated
> as of OpenSSL 3. Rather than migrating the code to the new API or
> pretending that we do not support OpenSSL 3, accept that we use
> deprecated functionality.

How have you configured the build? Did you explicitly define
CONFIG_SMARTCARD=y in wpa_supplicant/.config? OpenSSL ENGINE API should
not be used by default, but it will be used if you explicitly enable
functionality that needs it. And if that is indeed the case, it would
seem more reasonable to add this type of workarounds in
wpa_supplicant/.config when needed.

> diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
> @@ -184,7 +184,7 @@ CFLAGS += -DCONFIG_ELOOP_KQUEUE
>  endif
> 
>  ifdef CONFIG_EAPOL_TEST
> -CFLAGS += -Werror -DEAPOL_TEST
> +CFLAGS += -Werror -Wno-error=deprecated-declarations -DEAPOL_TEST
>  endif

That does not look like the correct place since this is in no way
limited to eapol_test. I'd add that in wpa_supplicant/.config instead
whenever configuring the build to include functionality that needs the
OpenSSL ENGINE API. This should not be forced to be included for all
other cases that do not need this.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list