Import wpa_supplicant & hostapd 0.6.9.

author: rpaulo <rpaulo@FreeBSD.org> 2010-06-13 20:32:04 +0000
committer: rpaulo <rpaulo@FreeBSD.org> 2010-06-13 20:32:04 +0000
commit: 60c44471bf25f9e84d8701afe1bbcbcc88e18c89 (patch)
tree: 538db23d436787038f980271529ae2be44235c1b /src/tls/tlsv1_client.c
parent: ced3a3de988600636bda6479d27de8823307f171 (diff)
download: FreeBSD-src-60c44471bf25f9e84d8701afe1bbcbcc88e18c89.zip
FreeBSD-src-60c44471bf25f9e84d8701afe1bbcbcc88e18c89.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/src/tls/tlsv1_client.c b/src/tls/tlsv1_client.c
index 302e3ee..0bf1174 100644
--- a/src/tls/tlsv1_client.c
+++ b/src/tls/tlsv1_client.c
@@ -620,6 +620,17 @@ int tlsv1_client_set_cipher_list(struct tlsv1_client *conn, u8 *ciphers)
 		suites[count++] = TLS_DH_anon_WITH_3DES_EDE_CBC_SHA;
 		suites[count++] = TLS_DH_anon_WITH_RC4_128_MD5;
 		suites[count++] = TLS_DH_anon_WITH_DES_CBC_SHA;
+
+		/*
+		 * Cisco AP (at least 350 and 1200 series) local authentication
+		 * server does not know how to search cipher suites from the
+		 * list and seem to require that the last entry in the list is
+		 * the one that it wants to use. However, TLS specification
+		 * requires the list to be in the client preference order. As a
+		 * workaround, add anon-DH AES-128-SHA1 again at the end of the
+		 * list to allow the Cisco code to find it.
+		 */
+		suites[count++] = TLS_DH_anon_WITH_AES_128_CBC_SHA;
 		conn->num_cipher_suites = count;
 	}
author	rpaulo <rpaulo@FreeBSD.org>	2010-06-13 20:32:04 +0000
committer	rpaulo <rpaulo@FreeBSD.org>	2010-06-13 20:32:04 +0000
commit	60c44471bf25f9e84d8701afe1bbcbcc88e18c89 (patch)
tree	538db23d436787038f980271529ae2be44235c1b /src/tls/tlsv1_client.c
parent	ced3a3de988600636bda6479d27de8823307f171 (diff)
download	FreeBSD-src-60c44471bf25f9e84d8701afe1bbcbcc88e18c89.zip FreeBSD-src-60c44471bf25f9e84d8701afe1bbcbcc88e18c89.tar.gz