I have added 'echo "CONFIG_EAP_FAST=y" >> .config' to the ebuild then run 'ebuild /usr/portage/net-wireless/wpa_supplicant/wpa_supplicant-0.5.7.ebuild digest' and from the emerge output it appears that the option has been accepted by the build process, ie. i can see '-DEAP_FAST' as a parameter to gcc. However the compilation fails with; i686-pc-linux-gnu-gcc -o wpa_supplicant config.o common.o md5.o md4.o rc4.o sha1.o des.o os_unix.o eloop.o config_file.o base64.o l2_packet_linux.o eap_tls.o eap_peap.o eap_ttls.o eap_md5.o eap_mschapv2.o eap_gtc.o eap_otp.o eap_leap.o eap_psk.o eap_psk_common.o eap_tlv.o eap_fast.o eap_pax.o eap_pax_common.o eapol_sm.o eap.o eap_methods.o eap_tls_common.o tls_openssl.o ms_funcs.o crypto.o ctrl_iface.o ctrl_iface_unix.o ctrl_iface_dbus.o ctrl_iface_dbus_handlers.o dbus_dict_helpers.o wpa.o preauth.o pmksa_cache.o aes_wrap.o wpa_supplicant.o events.o main.o drivers.o driver_hostap.o driver_prism54.o driver_madwifi.o driver_atmel.o driver_ndiswrapper.o driver_ipw.o driver_wired.o driver_wext.o -lssl -lcrypto -ldl `pkg-config --libs dbus-1` i686-pc-linux-gnu-gcc -o wpa_cli wpa_cli.o wpa_ctrl.o os_unix.o -lncurses -lreadline tls_openssl.o: In function `tls_connection_client_hello_ext': tls_openssl.c:(.text+0x1706): undefined reference to `SSL_set_hello_extension' tls_openssl.o: In function `tls_connection_set_master_key': tls_openssl.c:(.text+0x1950): undefined reference to `SSL_set_session_secret_cb' collect2: ld returned 1 exit status make: *** [wpa_supplicant] Error 1 Reproducible: Always Actual Results: n/a Expected Results: n/a absydos adam # emerge --info Portage 2.1.2.2 (default-linux/x86/2006.0, gcc-4.1.1, glibc-2.5-r0, 2.6.19-gentoo-r5 i686) ================================================================= System uname: 2.6.19-gentoo-r5 i686 Mobile Intel(R) Pentium(R) 4 - M CPU 2.20GHz Gentoo Base System release 1.12.9 Timestamp of tree: Tue, 10 Apr 2007 10:30:08 +0000 distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] ccache version 2.4 [enabled] dev-java/java-config: 1.3.7, 2.0.31 dev-lang/python: 2.3.5-r3, 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.4-r6 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.14 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=pentium4 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/share/X11/xkb /usr/share/config /var/bind" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-O2 -march=pentium4 -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="ccache distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://ftp.swin.edu.au/gentoo http://mirror.aarnet.edu.au/pub/gentoo" LINGUAS="en" MAKEOPTS="-j4" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rix/gentoo-portage" USE="X a52 aac acpi alsa ao apache2 apm arts bash-completion berkdb bitmap-fonts bzip2 cairo cdparanoia cdr cli cracklib crypt cups dbus divx dri dvd dvdr dvdread eds emboss encode esd ffmpeg firefox foomaticdb gdbm gif gmedia gnome gpm gstreamer gtk gtk2 hal iconv imlib isdnlog java jpeg kerberos kqemu ldap libg++ libwww lm_sensors mad madwifi midi mikmod mmx motif mp3 mpeg ncurses nls nptl nptlonly nsplugin ogg opengl pam pcmcia pcre perl png pppd python qt3support qt4 quicktime readline real reflection samba sdl session snmp spell spl sse sse2 ssl tcpd theora tiff truetype truetype-fonts type1-fonts usb vcd vorbis wifi win32codecs wmp x86 xine xinerama xml xorg xv xvid xvmc zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" USERLAND="GNU" VIDEO_CARDS="radeon flgrx vesa vmware" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY absydos adam # absydos adam # emerge -pv wpa_supplicant These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] net-wireless/wpa_supplicant-0.5.7 USE="dbus madwifi qt4 readline ssl -gnutls -gsm -qt3" 0 kB Total: 1 package (1 reinstall), Size of downloads: 0 kB absydos adam # emerge -pv openssl These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] dev-libs/openssl-0.9.8d USE="sse2 zlib -bindist -emacs -test" 0 kB Total: 1 package (1 reinstall), Size of downloads: 0 kB absydos adam #
Looks like a patch to openssl is required: http://www.koders.com/noncode/fidF573230CEE13406DAA1BD66536075EC277722BC6.aspx
Is this patch already integrated into openssl upstream. If no, why not? Can we get it integrated there?
Uberlord needs to decide if it is worth including this.
We need 0.9.8 of openssl on bsd first, and then it patched, we we probably won't do. Once we have openssl that supports SSL_set_hello_extension on all arches wpa_supplicant supports we'll do it.
It looks like wpa_supplicant supports EAP-FAST when using the internal SSL implementation. Could the ebuild be modified to include EAP-FAST support for that configuration? I modified a local ebuild to do so, and it works: CTRL-EVENT-EAP-STARTED EAP authentication started CTRL-EVENT-EAP-METHOD EAP vendor 0 method 43 (FAST) selected CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully