aboutsummaryrefslogtreecommitdiffstats
path: root/src/crypto
diff options
context:
space:
mode:
authorJouni Malinen <jouni@codeaurora.org>2019-08-16 12:51:40 (GMT)
committerJouni Malinen <j@w1.fi>2019-08-16 13:40:31 (GMT)
commita647a0ad75fd2650ce1be300327f7ea8c9ff3a1e (patch)
treec146a60c9c2701731bbb042cd49793cae8287665 /src/crypto
parent346d10cf824728d8f35f9bf78f5b0d7b73ef6222 (diff)
downloadhostap-a647a0ad75fd2650ce1be300327f7ea8c9ff3a1e.zip
hostap-a647a0ad75fd2650ce1be300327f7ea8c9ff3a1e.tar.gz
hostap-a647a0ad75fd2650ce1be300327f7ea8c9ff3a1e.tar.bz2
Extend server certificate TOD policy reporting to include TOD-TOFU
The previously used single TOD policy was split into two policies: TOD-STRICT and TOD-TOFU. Report these separately in the CTRL-EVENT-EAP-PEER-CERT events (tod=1 for TOD-STRICT and tod=2 for TOD-TOFU). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'src/crypto')
-rw-r--r--src/crypto/tls_openssl.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 07d38e4..e67756a 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2186,7 +2186,9 @@ static int openssl_cert_tod(X509 *cert)
continue;
wpa_printf(MSG_DEBUG, "OpenSSL: Certificate Policy %s", buf);
if (os_strcmp(buf, "1.3.6.1.4.1.40808.1.3.1") == 0)
- tod = 1;
+ tod = 1; /* TOD-STRICT */
+ else if (os_strcmp(buf, "1.3.6.1.4.1.40808.1.3.2") == 0 && !tod)
+ tod = 2; /* TOD-TOFU */
}
return tod;