Move to Linux 5.15.85 + Alpine 3.17.0.

7 files changed, 223 insertions, 170 deletions

diff --git a/aports/wpa_supplicant/APKBUILD b/aports/wpa_supplicant/APKBUILD
index 5e7e18b..a9da28f 100644
--- a/aports/wpa_supplicant/APKBUILD
+++ b/aports/wpa_supplicant/APKBUILD
@@ -2,18 +2,20 @@
 
 pkgname=wpa_supplicant
 pkgver=2.10
-pkgrel=0 # base: 1
+pkgrel=1 # base: 4
 pkgdesc="utility providing key negotiation for WPA wireless networks"
 url="https://w1.fi/wpa_supplicant/"
 arch="all"
 options="!check" # has no tests
 license="BSD-3-Clause"
 subpackages=
-makedepends="linux-headers openssl1.1-compat-dev dbus-dev libnl3-dev pcsc-lite-dev"
+makedepends="linux-headers openssl-dev>3 dbus-dev libnl3-dev pcsc-lite-dev"
 source="https://w1.fi/releases/wpa_supplicant-$pkgver.tar.gz
 	wpa_supplicant.initd
 	wpa_supplicant.confd
 	eloop.patch
+	unsafe-renegotiation-1.patch
+	unsafe-renegotiation-2.patch
 	no-tools.patch
 	config"
 
@@ -55,6 +57,7 @@ prepare() {
 }
 
 build() {
+	export CFLAGS="$CFLAGS -flto=auto"
 	cd "$builddir"/wpa_supplicant
 	make LIBDIR=/lib BINDIR=/sbin
 }
@@ -75,6 +78,8 @@ sha512sums="
 92c4cbaa9776a354275640c9411d2f547f4c0e00415af4ab30039f1a0be6a11082d49e2514905010f0abcc4a9276353276da9864e3d5f7264a0f0767c8cc9d78  wpa_supplicant.initd
 c7e4041fe41743c5e63a07edc9234d0c44c4c0f193a180b27342b43f3be45fb87b42ee0f9e4a20614cf6ad58cf64d25f74d1e75e2e1d521c2f6d45cdc5737eae  wpa_supplicant.confd
 2be055dd1f7da5a3d8e79c2f2c0220ddd31df309452da18f290144d2112d6dbde0fc633bb2ad02c386a39d7785323acaf5f70e5969995a1e8303a094eb5fe232  eloop.patch
+9528735924faf876a7094de46760605e5e66e265187421a668be06dbf03d7b4db6b84cbad793fcd6bd614e3ba540f82f1f80660d75e8a6070eeb7e9abb54ed28  unsafe-renegotiation-1.patch
+a92ba3ed3f41022a8af9396d2b703ee47f78aa05c1fddb42919a7fe6a6fad71e3515c63457e97e252ae0a32c6c34d67ea6efe0278df1e141cf36e650237e5295  unsafe-renegotiation-2.patch
 3278eff7118f9dc9e177adc3ed91cad562a8edde396af8619321ac8552a86e9c7de25212d5578ea17cbe4b6dc928d83cd6e9a7f0d41e07576656e6e9274107d6  no-tools.patch
-0e1af7084026c3b50b3a77636758f1ce3c1004e1e6d7eb71038e42c5c63866e2bbee3b0933b1131b80a6f2f6848983847a017ba2555a3162f0ccd3aa57fcf257  config
+021d7d192b2e8e6bc89457ce4c8ada7eb897b3c4e8202697da44bde4cab49c0424156569c7a04dc58cae26e0e83e5f56421946679629535d0a749cda31f890c5  config
 "
diff --git a/aports/wpa_supplicant/CVE-2019-16275.patch b/aports/wpa_supplicant/CVE-2019-16275.patch
deleted file mode 100644
index d764a9d..0000000
--- a/aports/wpa_supplicant/CVE-2019-16275.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 8c07fa9eda13e835f3f968b2e1c9a8be3a851ff9 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Thu, 29 Aug 2019 11:52:04 +0300
-Subject: [PATCH] AP: Silently ignore management frame from unexpected source
- address
-
-Do not process any received Management frames with unexpected/invalid SA
-so that we do not add any state for unexpected STA addresses or end up
-sending out frames to unexpected destination. This prevents unexpected
-sequences where an unprotected frame might end up causing the AP to send
-out a response to another device and that other device processing the
-unexpected response.
-
-In particular, this prevents some potential denial of service cases
-where the unexpected response frame from the AP might result in a
-connected station dropping its association.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/ap/drv_callbacks.c | 13 +++++++++++++
- src/ap/ieee802_11.c    | 12 ++++++++++++
- 2 files changed, 25 insertions(+)
-
-diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
-index 31587685fe3b..34ca379edc3d 100644
---- a/src/ap/drv_callbacks.c
-+++ b/src/ap/drv_callbacks.c
-@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
- 			   "hostapd_notif_assoc: Skip event with no address");
- 		return -1;
- 	}
-+
-+	if (is_multicast_ether_addr(addr) ||
-+	    is_zero_ether_addr(addr) ||
-+	    os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
-+		/* Do not process any frames with unexpected/invalid SA so that
-+		 * we do not add any state for unexpected STA addresses or end
-+		 * up sending out frames to unexpected destination. */
-+		wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
-+			   " in received indication - ignore this indication silently",
-+			   __func__, MAC2STR(addr));
-+		return 0;
-+	}
-+
- 	random_add_randomness(addr, ETH_ALEN);
- 
- 	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
-diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
-index c85a28db44b7..e7065372e158 100644
---- a/src/ap/ieee802_11.c
-+++ b/src/ap/ieee802_11.c
-@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
- 	fc = le_to_host16(mgmt->frame_control);
- 	stype = WLAN_FC_GET_STYPE(fc);
- 
-+	if (is_multicast_ether_addr(mgmt->sa) ||
-+	    is_zero_ether_addr(mgmt->sa) ||
-+	    os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
-+		/* Do not process any frames with unexpected/invalid SA so that
-+		 * we do not add any state for unexpected STA addresses or end
-+		 * up sending out frames to unexpected destination. */
-+		wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
-+			   " in received frame - ignore this frame silently",
-+			   MAC2STR(mgmt->sa));
-+		return 0;
-+	}
-+
- 	if (stype == WLAN_FC_STYPE_BEACON) {
- 		handle_beacon(hapd, mgmt, len, fi);
- 		return 1;
--- 
-2.20.1
-
diff --git a/aports/wpa_supplicant/CVE-2021-0326.patch b/aports/wpa_supplicant/CVE-2021-0326.patch
deleted file mode 100644
index 2ad5f44..0000000
--- a/aports/wpa_supplicant/CVE-2021-0326.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 947272febe24a8f0ea828b5b2f35f13c3821901e Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@codeaurora.org>
-Date: Mon, 9 Nov 2020 11:43:12 +0200
-Subject: P2P: Fix copying of secondary device types for P2P group client
-
-Parsing and copying of WPS secondary device types list was verifying
-that the contents is not too long for the internal maximum in the case
-of WPS messages, but similar validation was missing from the case of P2P
-group information which encodes this information in a different
-attribute. This could result in writing beyond the memory area assigned
-for these entries and corrupting memory within an instance of struct
-p2p_device. This could result in invalid operations and unexpected
-behavior when trying to free pointers from that corrupted memory.
-
-Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27269
-Fixes: e57ae6e19edf ("P2P: Keep track of secondary device types for peers")
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
----
- src/p2p/p2p.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
-index 74b7b52..5cbfc21 100644
---- a/src/p2p/p2p.c
-+++ b/src/p2p/p2p.c
-@@ -453,6 +453,8 @@ static void p2p_copy_client_info(struct p2p_device *dev,
- 	dev->info.config_methods = cli->config_methods;
- 	os_memcpy(dev->info.pri_dev_type, cli->pri_dev_type, 8);
- 	dev->info.wps_sec_dev_type_list_len = 8 * cli->num_sec_dev_types;
-+	if (dev->info.wps_sec_dev_type_list_len > WPS_SEC_DEV_TYPE_MAX_LEN)
-+		dev->info.wps_sec_dev_type_list_len = WPS_SEC_DEV_TYPE_MAX_LEN;
- 	os_memcpy(dev->info.wps_sec_dev_type_list, cli->sec_dev_types,
- 		  dev->info.wps_sec_dev_type_list_len);
- }
--- 
-cgit v0.12
-
diff --git a/aports/wpa_supplicant/CVE-2021-27803.patch b/aports/wpa_supplicant/CVE-2021-27803.patch
deleted file mode 100644
index 1942bb3..0000000
--- a/aports/wpa_supplicant/CVE-2021-27803.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 8460e3230988ef2ec13ce6b69b687e941f6cdb32 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <jouni@codeaurora.org>
-Date: Tue, 8 Dec 2020 23:52:50 +0200
-Subject: [PATCH] P2P: Fix a corner case in peer addition based on PD Request
-
-p2p_add_device() may remove the oldest entry if there is no room in the
-peer table for a new peer. This would result in any pointer to that
-removed entry becoming stale. A corner case with an invalid PD Request
-frame could result in such a case ending up using (read+write) freed
-memory. This could only by triggered when the peer table has reached its
-maximum size and the PD Request frame is received from the P2P Device
-Address of the oldest remaining entry and the frame has incorrect P2P
-Device Address in the payload.
-
-Fix this by fetching the dev pointer again after having called
-p2p_add_device() so that the stale pointer cannot be used.
-
-Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
----
- src/p2p/p2p_pd.c | 12 +++++-------
- 1 file changed, 5 insertions(+), 7 deletions(-)
-
-diff --git a/src/p2p/p2p_pd.c b/src/p2p/p2p_pd.c
-index 3994ec03f86b..05fd593494ef 100644
---- a/src/p2p/p2p_pd.c
-+++ b/src/p2p/p2p_pd.c
-@@ -595,14 +595,12 @@ void p2p_process_prov_disc_req(struct p2p_data *p2p, const u8 *sa,
- 			goto out;
- 		}
- 
-+		dev = p2p_get_device(p2p, sa);
- 		if (!dev) {
--			dev = p2p_get_device(p2p, sa);
--			if (!dev) {
--				p2p_dbg(p2p,
--					"Provision Discovery device not found "
--					MACSTR, MAC2STR(sa));
--				goto out;
--			}
-+			p2p_dbg(p2p,
-+				"Provision Discovery device not found "
-+				MACSTR, MAC2STR(sa));
-+			goto out;
- 		}
- 	} else if (msg.wfd_subelems) {
- 		wpabuf_free(dev->info.wfd_subelems);
--- 
-2.25.1
-
diff --git a/aports/wpa_supplicant/config b/aports/wpa_supplicant/config
index ab425d0..12f711a 100644
--- a/aports/wpa_supplicant/config
+++ b/aports/wpa_supplicant/config
@@ -32,7 +32,7 @@
 CONFIG_DRIVER_NL80211=y
 
 # QCA vendor extensions to nl80211
-#CONFIG_DRIVER_NL80211_QCA=y
+CONFIG_DRIVER_NL80211_QCA=y
 
 # driver_nl80211.c requires libnl. If you are compiling it yourself
 # you may need to point hostapd to your version of libnl.
@@ -207,7 +207,7 @@ CONFIG_HT_OVERRIDES=y
 CONFIG_VHT_OVERRIDES=y
 
 # Development testing
-CONFIG_EAPOL_TEST=n
+#CONFIG_EAPOL_TEST=y
 
 # Enable IPv6 support in eapol_test.
 # See: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12429
@@ -486,7 +486,7 @@ CONFIG_DELAYED_MIC_ERROR_REPORT=y
 # Should we attempt to use the getrandom(2) call that provides more reliable
 # yet secure randomness source than /dev/random on Linux 3.17 and newer.
 # Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
-#CONFIG_GETRANDOM=y
+CONFIG_GETRANDOM=y
 
 # IEEE 802.11n (High Throughput) support (mainly for AP mode)
 #CONFIG_IEEE80211N=y
@@ -503,10 +503,10 @@ CONFIG_DELAYED_MIC_ERROR_REPORT=y
 # This can be used to enable functionality to improve interworking with
 # external networks (GAS/ANQP to learn more about the networks and network
 # selection based on available credentials).
-#CONFIG_INTERWORKING=y
+CONFIG_INTERWORKING=y
 
 # Hotspot 2.0
-#CONFIG_HS20=y
+CONFIG_HS20=y
 
 # Enable interface matching in wpa_supplicant
 #CONFIG_MATCH_IFACE=y
@@ -527,7 +527,7 @@ CONFIG_AP=y
 CONFIG_P2P=y
 
 # Enable TDLS support
-#CONFIG_TDLS=y
+CONFIG_TDLS=y
 
 # Wi-Fi Display
 # This can be used to enable Wi-Fi Display extensions for P2P using an external
@@ -585,7 +585,7 @@ CONFIG_AUTOSCAN_PERIODIC=y
 #
 # For more details refer to:
 # http://wireless.kernel.org/en/users/Documentation/acs
-#CONFIG_ACS=y
+CONFIG_ACS=y
 
 # Support Multi Band Operation
 #CONFIG_MBO=y
diff --git a/aports/wpa_supplicant/unsafe-renegotiation-1.patch b/aports/wpa_supplicant/unsafe-renegotiation-1.patch
new file mode 100644
index 0000000..0802a1b
--- /dev/null
+++ b/aports/wpa_supplicant/unsafe-renegotiation-1.patch
@@ -0,0 +1,103 @@
+Patch-Source: https://w1.fi/cgit/hostap/commit/?id=566ce69a8d0e64093309cbde80235aa522fbf84e
+From 566ce69a8d0e64093309cbde80235aa522fbf84e Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <quic_jouni@quicinc.com>
+Date: Thu, 5 May 2022 00:07:44 +0300
+Subject: EAP peer: Workaround for servers that do not support safe TLS
+ renegotiation
+
+The TLS protocol design for renegotiation was identified to have a
+significant security flaw in 2009 and an extension to secure this design
+was published in 2010 (RFC 5746). However, some old RADIUS
+authentication servers without support for this are still used commonly.
+
+This is obviously not good from the security view point, but since there
+are cases where the user of a network service has no realistic means for
+getting the authentication server upgraded, TLS handshake may still need
+to be allowed to be able to use the network.
+
+OpenSSL 3.0 disabled the client side workaround by default and this
+resulted in issues connection to some networks with insecure
+authentication servers. With OpenSSL 3.0, the client is now enforcing
+security by refusing to authenticate with such servers. The pre-3.0
+behavior of ignoring this issue and leaving security to the server can
+now be enabled with a new phase1 parameter allow_unsafe_renegotiation=1.
+This should be used only when having to connect to a network that has an
+insecure authentication server that cannot be upgraded.
+
+The old (pre-2010) TLS renegotiation mechanism might open security
+vulnerabilities if the authentication server were to allow TLS
+renegotiation to be initiated. While this is unlikely to cause real
+issues with EAP-TLS, there might be cases where use of PEAP or TTLS with
+an authentication server that does not support RFC 5746 might result in
+a security vulnerability.
+
+Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
+---
+ src/crypto/tls.h                   | 1 +
+ src/crypto/tls_openssl.c           | 5 +++++
+ src/eap_peer/eap_tls_common.c      | 4 ++++
+ wpa_supplicant/wpa_supplicant.conf | 5 +++++
+ 4 files changed, 15 insertions(+)
+
+diff --git a/src/crypto/tls.h b/src/crypto/tls.h
+index ccaac94c9..7ea32ee4a 100644
+--- a/src/crypto/tls.h
++++ b/src/crypto/tls.h
+@@ -112,6 +112,7 @@ struct tls_config {
+ #define TLS_CONN_ENABLE_TLSv1_1 BIT(15)
+ #define TLS_CONN_ENABLE_TLSv1_2 BIT(16)
+ #define TLS_CONN_TEAP_ANON_DH BIT(17)
++#define TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION BIT(18)
+ 
+ /**
+  * struct tls_connection_params - Parameters for TLS connection
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index 388c6b0f4..0d23f44ad 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -3081,6 +3081,11 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
+ 		SSL_clear_options(ssl, SSL_OP_NO_TICKET);
+ #endif /* SSL_OP_NO_TICKET */
+ 
++#ifdef SSL_OP_LEGACY_SERVER_CONNECT
++	if (flags & TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION)
++		SSL_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
++#endif /* SSL_OP_LEGACY_SERVER_CONNECT */
++
+ #ifdef SSL_OP_NO_TLSv1
+ 	if (flags & TLS_CONN_DISABLE_TLSv1_0)
+ 		SSL_set_options(ssl, SSL_OP_NO_TLSv1);
+diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
+index 06c9b211e..6193b4bdb 100644
+--- a/src/eap_peer/eap_tls_common.c
++++ b/src/eap_peer/eap_tls_common.c
+@@ -102,6 +102,10 @@ static void eap_tls_params_flags(struct tls_connection_params *params,
+ 		params->flags |= TLS_CONN_SUITEB_NO_ECDH;
+ 	if (os_strstr(txt, "tls_suiteb_no_ecdh=0"))
+ 		params->flags &= ~TLS_CONN_SUITEB_NO_ECDH;
++	if (os_strstr(txt, "allow_unsafe_renegotiation=1"))
++		params->flags |= TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION;
++	if (os_strstr(txt, "allow_unsafe_renegotiation=0"))
++		params->flags &= ~TLS_CONN_ALLOW_UNSAFE_RENEGOTIATION;
+ }
+ 
+ 
+diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
+index a1dc769c9..b5304a77e 100644
+--- a/wpa_supplicant/wpa_supplicant.conf
++++ b/wpa_supplicant/wpa_supplicant.conf
+@@ -1370,6 +1370,11 @@ fast_reauth=1
+ # tls_suiteb=0 - do not apply Suite B 192-bit constraints on TLS (default)
+ # tls_suiteb=1 - apply Suite B 192-bit constraints on TLS; this is used in
+ #	particular when using Suite B with RSA keys of >= 3K (3072) bits
++# allow_unsafe_renegotiation=1 - allow connection with a TLS server that does
++#	not support safe renegotiation (RFC 5746); please note that this
++#	workaround should be only when having to authenticate with an old
++#	authentication server that cannot be updated to use secure TLS
++#	implementation.
+ #
+ # Following certificate/private key fields are used in inner Phase2
+ # authentication when using EAP-TTLS or EAP-PEAP.
+-- 
+cgit v1.2.3-18-g5258
+
diff --git a/aports/wpa_supplicant/unsafe-renegotiation-2.patch b/aports/wpa_supplicant/unsafe-renegotiation-2.patch
new file mode 100644
index 0000000..2046637
--- /dev/null
+++ b/aports/wpa_supplicant/unsafe-renegotiation-2.patch
@@ -0,0 +1,105 @@
+Patch-Source: https://w1.fi/cgit/hostap/commit/?id=a561d12d24c2c8bb0f825d4a3a55a5e47e845853
+From a561d12d24c2c8bb0f825d4a3a55a5e47e845853 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <quic_jouni@quicinc.com>
+Date: Wed, 4 May 2022 23:55:38 +0300
+Subject: EAP peer status notification for server not supporting RFC 5746
+
+Add a notification message to indicate reason for TLS handshake failure
+due to the server not supporting safe renegotiation (RFC 5746).
+
+Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
+---
+ src/ap/authsrv.c         |  3 +++
+ src/crypto/tls.h         |  3 ++-
+ src/crypto/tls_openssl.c | 15 +++++++++++++--
+ src/eap_peer/eap.c       |  5 +++++
+ 4 files changed, 23 insertions(+), 3 deletions(-)
+
+diff --git a/src/ap/authsrv.c b/src/ap/authsrv.c
+index 516c1da74..fd9c96fad 100644
+--- a/src/ap/authsrv.c
++++ b/src/ap/authsrv.c
+@@ -169,6 +169,9 @@ static void authsrv_tls_event(void *ctx, enum tls_event ev,
+ 			wpa_printf(MSG_DEBUG, "authsrv: remote TLS alert: %s",
+ 				   data->alert.description);
+ 		break;
++	case TLS_UNSAFE_RENEGOTIATION_DISABLED:
++		/* Not applicable to TLS server */
++		break;
+ 	}
+ }
+ #endif /* EAP_TLS_FUNCS */
+diff --git a/src/crypto/tls.h b/src/crypto/tls.h
+index 7ea32ee4a..7a2ee32df 100644
+--- a/src/crypto/tls.h
++++ b/src/crypto/tls.h
+@@ -22,7 +22,8 @@ enum tls_event {
+ 	TLS_CERT_CHAIN_SUCCESS,
+ 	TLS_CERT_CHAIN_FAILURE,
+ 	TLS_PEER_CERTIFICATE,
+-	TLS_ALERT
++	TLS_ALERT,
++	TLS_UNSAFE_RENEGOTIATION_DISABLED,
+ };
+ 
+ /*
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index 0d23f44ad..912471ba2 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -4443,6 +4443,7 @@ int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn,
+ static struct wpabuf *
+ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
+ {
++	struct tls_context *context = conn->context;
+ 	int res;
+ 	struct wpabuf *out_data;
+ 
+@@ -4472,7 +4473,19 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
+ 			wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to "
+ 				   "write");
+ 		else {
++			unsigned long error = ERR_peek_last_error();
++
+ 			tls_show_errors(MSG_INFO, __func__, "SSL_connect");
++
++			if (context->event_cb &&
++			    ERR_GET_LIB(error) == ERR_LIB_SSL &&
++			    ERR_GET_REASON(error) ==
++			    SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED) {
++				context->event_cb(
++					context->cb_ctx,
++					TLS_UNSAFE_RENEGOTIATION_DISABLED,
++					NULL);
++			}
+ 			conn->failed++;
+ 			if (!conn->server && !conn->client_hello_generated) {
+ 				/* The server would not understand TLS Alert
+@@ -4495,8 +4508,6 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data)
+ 	if ((conn->flags & TLS_CONN_SUITEB) && !conn->server &&
+ 	    os_strncmp(SSL_get_cipher(conn->ssl), "DHE-", 4) == 0 &&
+ 	    conn->server_dh_prime_len < 3072) {
+-		struct tls_context *context = conn->context;
+-
+ 		/*
+ 		 * This should not be reached since earlier cert_cb should have
+ 		 * terminated the handshake. Keep this check here for extra
+diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
+index 429b20d3a..729388f4f 100644
+--- a/src/eap_peer/eap.c
++++ b/src/eap_peer/eap.c
+@@ -2172,6 +2172,11 @@ static void eap_peer_sm_tls_event(void *ctx, enum tls_event ev,
+ 			eap_notify_status(sm, "remote TLS alert",
+ 					  data->alert.description);
+ 		break;
++	case TLS_UNSAFE_RENEGOTIATION_DISABLED:
++		wpa_printf(MSG_INFO,
++			   "TLS handshake failed due to the server not supporting safe renegotiation (RFC 5746); phase1 parameter allow_unsafe_renegotiation=1 can be used to work around this");
++		eap_notify_status(sm, "unsafe server renegotiation", "failure");
++		break;
+ 	}
+ 
+ 	os_free(hash_hex);
+-- 
+cgit v1.2.3-18-g5258
+