aboutsummaryrefslogtreecommitdiffstats
path: root/hs20
diff options
context:
space:
mode:
authorJouni Malinen <jouni@codeaurora.org>2018-10-17 16:03:18 (GMT)
committerJouni Malinen <j@w1.fi>2018-10-17 16:07:27 (GMT)
commitde7bcb9bc9417724bb108fde91e97d0018c53e0f (patch)
tree9b9f082d936c75df9db0c060d7fc8a222797347a /hs20
parent2cbaf0de223baaeed47ec9beb59337415c007d4d (diff)
downloadhostap-de7bcb9bc9417724bb108fde91e97d0018c53e0f.zip
hostap-de7bcb9bc9417724bb108fde91e97d0018c53e0f.tar.gz
hostap-de7bcb9bc9417724bb108fde91e97d0018c53e0f.tar.bz2
HS 2.0: Reject PPS MO if polupd or AAA trust root is invalid
Previously, this was done only for the subscription remediation/update trust root. The other downloaded files were also verified, but the OSU server was not notified if the files were found to be invalid. Modify hs20-osu-client behavior to explicitly notify the OSU server if any of the three trust root types cannot be successfully downloaded. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'hs20')
-rw-r--r--hs20/client/osu_client.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/hs20/client/osu_client.c b/hs20/client/osu_client.c
index 17c5ba1..9e1b0c7 100644
--- a/hs20/client/osu_client.c
+++ b/hs20/client/osu_client.c
@@ -436,7 +436,7 @@ static int cmd_dl_polupd_ca(struct hs20_osu_client *ctx, const char *pps_fname,
if (node == NULL) {
wpa_printf(MSG_INFO, "No Policy/PolicyUpdate/TrustRoot/CertURL found from PPS");
xml_node_free(ctx->xml, pps);
- return -1;
+ return -2;
}
ret = download_cert(ctx, node, ca_fname);
@@ -463,7 +463,7 @@ static int cmd_dl_aaa_ca(struct hs20_osu_client *ctx, const char *pps_fname,
if (node == NULL) {
wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
xml_node_free(ctx->xml, pps);
- return -1;
+ return -2;
}
aaa = xml_node_first_child(ctx->xml, node);
@@ -485,7 +485,7 @@ static int download_trust_roots(struct hs20_osu_client *ctx,
{
char *dir, *pos;
char fname[300];
- int ret;
+ int ret, ret1;
dir = os_strdup(pps_fname);
if (dir == NULL)
@@ -500,9 +500,13 @@ static int download_trust_roots(struct hs20_osu_client *ctx,
snprintf(fname, sizeof(fname), "%s/ca.pem", dir);
ret = cmd_dl_osu_ca(ctx, pps_fname, fname);
snprintf(fname, sizeof(fname), "%s/polupd-ca.pem", dir);
- cmd_dl_polupd_ca(ctx, pps_fname, fname);
+ ret1 = cmd_dl_polupd_ca(ctx, pps_fname, fname);
+ if (ret == 0 && ret1 == -1)
+ ret = -1;
snprintf(fname, sizeof(fname), "%s/aaa-ca.pem", dir);
- cmd_dl_aaa_ca(ctx, pps_fname, fname);
+ ret1 = cmd_dl_aaa_ca(ctx, pps_fname, fname);
+ if (ret == 0 && ret1 == -1)
+ ret = -1;
os_free(dir);