authorJouni Malinen <jouni@codeaurora.org>2020-06-16 14:47:50 (GMT)
committerJouni Malinen <j@w1.fi>2020-06-16 15:24:23 (GMT)
commit4b834df5e08a41c5b018881ad888f637ba66b1ee (patch)
treeec64089c02dda21eb9d5ecf920e5a8bb8e8857b9 /src/crypto
parent68ac45d53c53061cd25c14663627faf87979bb6e (diff)
OpenSSL: Support PEM encoded chain from client_cert blob
Allow a chain of certificates to be configured through a client_cert blob. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'src/crypto')
-rw-r--r--src/crypto/tls_openssl.c23
1 files changed, 23 insertions, 0 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index a6a4ce4..160578e 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -3241,8 +3241,31 @@ static int tls_connection_client_cert(struct tls_connection *conn,
"OK");
return 0;
} else if (client_cert_blob) {
+ BIO *bio;
+ X509 *x509;
+
tls_show_errors(MSG_DEBUG, __func__,
"SSL_use_certificate_ASN1 failed");
+ bio = BIO_new(BIO_s_mem());
+ if (!bio)
+ return -1;
+ BIO_write(bio, client_cert_blob, client_cert_blob_len);
+ x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
+ if (!x509 || SSL_use_certificate(conn->ssl, x509) != 1) {
+ X509_free(x509);
+ BIO_free(bio);
+ return -1;
+ }
+ X509_free(x509);
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Found PEM encoded certificate from blob");
+ while ((x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL))) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: Added an additional certificate into the chain");
+ SSL_add0_chain_cert(conn->ssl, x509);
+ }
+ BIO_free(bio);
+ return 0;
}
if (client_cert == NULL)
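Review bot: The added `while` loop ignores the result of `SSL_add0_chain_cert()`, so a failed add leaks `x509` (the add0 form takes ownership only on success) and the function still returns 0 with a silently incomplete chain, which would later surface as a hard-to-diagnose authentication failure at the peer. `BIO_write()` just above it is also unchecked, so a short or failed write would truncate the PEM data without any log line; its result should be compared with `client_cert_blob_len`. The loop always ends on a failed `PEM_read_bio_X509()` at end of data, which normally leaves a "no start line" entry on the OpenSSL error queue, so clearing the queue before returning keeps a stale error from being attributed to a later call. `tls_connection_client_cert()` begins and ends outside this hunk, so the proposal below covers only the added branch.

```c
/* … unchanged: BIO setup and leaf certificate via SSL_use_certificate() … */
while ((x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL))) {
	if (SSL_add0_chain_cert(conn->ssl, x509) != 1) {
		tls_show_errors(MSG_DEBUG, __func__,
				"SSL_add0_chain_cert failed");
		/* Ownership was not transferred on failure */
		X509_free(x509);
		BIO_free(bio);
		return -1;
	}
	wpa_printf(MSG_DEBUG,
		   "OpenSSL: Added an additional certificate into the chain");
}
/* End of PEM data is expected here; drop the queued parse error */
ERR_clear_error();
BIO_free(bio);
return 0;
```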