BoringSSL: Comment out SSL_build_cert_chain() call

It looks like BoringSSL does include that function even though it claims
support for OPENSSL_VERSION_NUMBER where this is available (1.0.2). For
now, comment out that call to fix build.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 22e9abb..5daf9ff 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2125,6 +2125,7 @@ static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
                        }
                }
                sk_X509_free(certs);
+#ifndef OPENSSL_IS_BORINGSSL
                res = SSL_build_cert_chain(ssl,
                                           SSL_BUILD_CHAIN_FLAG_CHECK |
                                           SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR);
@@ -2135,6 +2136,7 @@ static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
                        wpa_printf(MSG_DEBUG,
                                   "TLS: Ignore certificate chain verification error when building chain with PKCS#12 extra certificates");
                }
+#endif /* OPENSSL_IS_BORINGSSL */
                /*
                 * Try to continue regardless of result since it is possible for
                 * the extra certificates not to be required.