The Debian 12 upgrade in T5003 caused a regression for connecting to
legacy networks that only support TLSv1.0/1.1 for EAP-TLS. This commit
fixes one part of the issue by adding Debian's patch for allowing legacy
renegotiation (SSL_OP_LEGACY_SERVER_CONNECT flag). The flag used to be
allowed by default, but that changed with the openssl 3.0 upgrade in
Debian 12.
(This commit also updates `build.sh` to just overwrite
`debian/patches/series` and not delete patch files since
dpkg-buildpackage/quilt never applies unlisted patches.)
Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
Fix for commit f163dea ("Docker: T5076: unbloat container - remove dependencies
for hostap") as in the hostap Git repo there are no Debian build files available,
they will later be copied in by build.sh from Debian SALSA wpa repository.
After the fixes for T4537/T4584, which added a custom hostap package,
wpa_supplicant no longer allows TLSv1.0 connections, which is required
for EAP-TLS with certain ISPs.
Previously, VyOS allowed TLSv1.0 via Debian's `allow-tlsv1.patch` patch.
This commit reintroduces that patch for the custom hostap package.
Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
