Attachment #868518 for bug #912315




	struct tls_connection *conn = arg;
	const u8 *pos = buf;

#if OPENSSL_VERSION_NUMBER >= 0x30000000L
	if ((SSL_version(ssl) == TLS1_VERSION ||
	     SSL_version(ssl) == TLS1_1_VERSION) &&
	    SSL_get_security_level(ssl) > 0) {
		wpa_printf(MSG_DEBUG,
			   "OpenSSL: Drop security level to 0 to allow TLS 1.0/1.1 use of MD5-SHA1 signature algorithm");
		SSL_set_security_level(ssl, 0);
	}
#endif /* OpenSSL version >= 3.0 */
	if (write_p == 2) {
		wpa_printf(MSG_DEBUG,
			   "OpenSSL: session ver=0x%x content_type=%d",
- 

Return to bug 912315

Lines 1557-1562 static void tls_msg_cb(int write_p, int version, int content_type, Link Here

(-)a/src/crypto/tls_openssl.c (-1 / +9 lines)
1557	struct tls_connection *conn = arg;	1557	struct tls_connection *conn = arg;
1558	const u8 *pos = buf;	1558	const u8 *pos = buf;
1559		1559
		1560	#if OPENSSL_VERSION_NUMBER >= 0x30000000L
		1561	if ((SSL_version(ssl) == TLS1_VERSION \|\|
		1562	SSL_version(ssl) == TLS1_1_VERSION) &&
		1563	SSL_get_security_level(ssl) > 0) {
		1564	wpa_printf(MSG_DEBUG,
		1565	"OpenSSL: Drop security level to 0 to allow TLS 1.0/1.1 use of MD5-SHA1 signature algorithm");
		1566	SSL_set_security_level(ssl, 0);
		1567	}
		1568	#endif /* OpenSSL version >= 3.0 */
1560	if (write_p == 2) {	1569	if (write_p == 2) {
1561	wpa_printf(MSG_DEBUG,	1570	wpa_printf(MSG_DEBUG,
1562	"OpenSSL: session ver=0x%x content_type=%d",	1571	"OpenSSL: session ver=0x%x content_type=%d",
1563	-