From a880299f6b83a89429493308a1f6f342db6c2212 Mon Sep 17 00:00:00 2001
From: root <root@noemail.net>
Date: Wed, 11 Mar 2020 20:01:47 +0000
Subject: [PATCH] Lets join a Cisco 1030 AP with contrib openssl

FossilOrigin-Name: cdf35994402cbcc46b10c29bb02063674b2a95976105eaeb884450aa25270469
---
 src/Config.mak    |  4 ++--
 src/ac/config.ktv | 12 ++++++++----
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/Config.mak b/src/Config.mak
index c43d46d1..4378ba2a 100644
--- a/src/Config.mak
+++ b/src/Config.mak
@@ -1,8 +1,8 @@
 # 
 # OpenSSL definitions
 #
-# OPENSSL_VERSION=openssl-1.0.1i
-USE_CONTRIB_OPENSSL=0
+OPENSSL_VERSION=openssl-1.0.1i
+USE_CONTRIB_OPENSSL=1
 
 # GnuTLS definitions
 # GNUTLS_VERSION=3.3.9
diff --git a/src/ac/config.ktv b/src/ac/config.ktv
index 7a0e9443..cf1b55fb 100644
--- a/src/ac/config.ktv
+++ b/src/ac/config.ktv
@@ -49,10 +49,14 @@ capwap-control-ip-address/wtps.0:Word:0
 #capwap-control-ip-address/wtps.1:Word:11
 
 
-cisco/ssl-keyfile:Str:"../../ssl/certs/ac-cisco.key"
-cisco/ssl-certfile:Str:"../../ssl/certs/ac-cisco.pem"
-cisco/ssl-cipher:Str:NORMAL
-#cisco/ssl-cipher:Str:+DHE-RSA:+AES-256-CBC:+AES-128-CBC:+SHA1:+PSK
+#cisco/ssl-keyfile:Str:"../../ssl/certs/ac-cisco.key"
+#cisco/ssl-certfile:Str:"../../ssl/certs/ac-cisco.pem"
+#cisco/ssl-keyfile:Str:"../../ssl/certs/int-ca.key"
+#cisco/ssl-certfile:Str:"../../ssl/certs/int-ca.crt"
+cisco/ssl-keyfile:Str:"../../ssl/intermediate-ca/int-ca.key"
+cisco/ssl-certfile:Str:"../../ssl/intermediate-ca/int-ca.crt"
+cisco/ssl-cipher:Str:DEFAULT:!ECDH
+#cisco/ssl-cipher:Str:+DHE-RSA:+AES-256-CBC:+AES-128-CBC:+SHA1
 cisco/ssl-dhbits:Word:2048
 
 capwap/ssl-cipher:Str:+DHE-RSA:+RSA:+AES-256-CBC:+AES-128-CBC:+SHA1:+PSK