From f66217770b0b046c5aaff780fbd78ddeaf8f7274 Mon Sep 17 00:00:00 2001
From: Jakob Lechner
Date: Wed, 1 Feb 2023 21:31:51 +0000
Subject: [PATCH] Patch wpa_supplicant to support Tradebyte wifi

Tradebyte access points use legacy crypto. This patch makes it possible to establish a network connection.
---
 modules/nix.nix | 18 ++++++++++++++++--
 ..._options-SSL_OP_LEGACY_SERVER_CONNECT.patch | 9 +++++++++
 2 files changed, 25 insertions(+), 2 deletions(-)
 create mode 100644 modules/wpa_supplicant/SSL_CTX_set_options-SSL_OP_LEGACY_SERVER_CONNECT.patch
diff --git a/modules/nix.nix b/modules/nix.nix
index 33d42cf..c3cccdb 100644
--- a/modules/nix.nix
+++ b/modules/nix.nix
@@ -1,4 +1,4 @@
-{ pkgs, inputs, system, ... }:
+{ config, lib, pkgs, inputs, system, ... }:
 {
 nix = {
@@ -30,7 +30,21 @@
 config = prev.config;
 };
 })
- ];
+ ]
+ # Tradebyte access points use legacy crypto
+ ++ lib.optional config.myConfig.tradebyte.enable (
+ final: prev:
+ let
+ inherit (prev) callPackage;
+ in
+ {
+ wpa_supplicant = prev.wpa_supplicant.overrideAttrs (attrs: {
+ patches = attrs.patches ++ [
+ ./wpa_supplicant/SSL_CTX_set_options-SSL_OP_LEGACY_SERVER_CONNECT.patch
+ ];
+ });
+ }
+ );
 environment.systemPackages = with pkgs; [
 cached-nix-shell
diff --git a/modules/wpa_supplicant/SSL_CTX_set_options-SSL_OP_LEGACY_SERVER_CONNECT.patch b/modules/wpa_supplicant/SSL_CTX_set_options-SSL_OP_LEGACY_SERVER_CONNECT.patch
new file mode 100644
index 0000000..3fcc2ee
--- /dev/null
+++ b/modules/wpa_supplicant/SSL_CTX_set_options-SSL_OP_LEGACY_SERVER_CONNECT.patch
@@ -0,0 +1,9 @@
+--- wpa_supplicant-2.10/src/crypto/tls_openssl.c 2022-01-16 15:51:29.000000000 -0500
++++ src/crypto/tls_openssl.c.legacy 2022-09-29 10:10:02.999974141 -0400
+@@ -1048,7 +1048,7 @@
+
+ SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
+ SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
+-
++ SSL_CTX_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
+ SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY);
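Review bot: In the overlay added by the `@@ -30,7 +30,21 @@` hunk of modules/nix.nix, `inherit (prev) callPackage;` is bound in the `let` and never used, so the whole `let … in` wrapper can be dropped. `attrs.patches ++ [ … ]` stops evaluating if the upstream derivation ever no longer defines `patches`; `patches = (attrs.patches or [ ]) ++ [ ./wpa_supplicant/SSL_CTX_set_options-SSL_OP_LEGACY_SERVER_CONNECT.patch ];` keeps the override working either way. The overlay replaces `wpa_supplicant` for the whole system, so the comment would serve the next reader better as `# Tradebyte APs need SSL_OP_LEGACY_SERVER_CONNECT; this relaxes TLS for every network on hosts that enable it`. The surrounding overlays list starts outside the hunk.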
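Review bot: The added `SSL_CTX_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);` in the embedded tls_openssl.c hunk is applied to the SSL_CTX unconditionally. On a host with the option enabled, presumably every TLS-based EAP connection, not only the Tradebyte network, will then accept a server that lacks RFC 5746 secure renegotiation. Neither the patch nor the commit message ("legacy crypto") records that, so I would put `/* Accept servers without RFC 5746 secure renegotiation; affects all TLS-based EAP connections */` above the call. The embedded hunk header announces 7 lines but only 5 old-side lines are present, and the new call overwrites the blank separator line instead of being inserted. It therefore seems to apply only through patch's tolerance for missing trailing context, and regenerating it with full context would make it robust. The enclosing function begins and ends outside the hunk.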