Extend server certificate TOD policy reporting to include TOD-TOFU

The previously used single TOD policy was split into two policies: TOD-STRICT and TOD-TOFU. Report these separately in the CTRL-EVENT-EAP-PEER-CERT events (tod=1 for TOD-STRICT and tod=2 for TOD-TOFU). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
author: Jouni Malinen <jouni@codeaurora.org> 2019-08-16 12:51:40 (GMT)
committer: Jouni Malinen <j@w1.fi> 2019-08-16 13:40:31 (GMT)
commit: a647a0ad75fd2650ce1be300327f7ea8c9ff3a1e (patch)
tree: c146a60c9c2701731bbb042cd49793cae8287665 /src/crypto
parent: 346d10cf824728d8f35f9bf78f5b0d7b73ef6222 (diff)
download: hostap-a647a0ad75fd2650ce1be300327f7ea8c9ff3a1e.zip
hostap-a647a0ad75fd2650ce1be300327f7ea8c9ff3a1e.tar.gz
hostap-a647a0ad75fd2650ce1be300327f7ea8c9ff3a1e.tar.bz2
1 files changed, 3 insertions, 1 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 07d38e4..e67756a 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2186,7 +2186,9 @@ static int openssl_cert_tod(X509 *cert)
 			continue;
 		wpa_printf(MSG_DEBUG, "OpenSSL: Certificate Policy %s", buf);
 		if (os_strcmp(buf, "1.3.6.1.4.1.40808.1.3.1") == 0)
-			tod = 1;
+			tod = 1; /* TOD-STRICT */
+		else if (os_strcmp(buf, "1.3.6.1.4.1.40808.1.3.2") == 0 && !tod)
+			tod = 2; /* TOD-TOFU */
 	}
 
 	return tod;
author	Jouni Malinen <jouni@codeaurora.org>	2019-08-16 12:51:40 (GMT)
committer	Jouni Malinen <j@w1.fi>	2019-08-16 13:40:31 (GMT)
commit	a647a0ad75fd2650ce1be300327f7ea8c9ff3a1e (patch)
tree	c146a60c9c2701731bbb042cd49793cae8287665 /src/crypto
parent	346d10cf824728d8f35f9bf78f5b0d7b73ef6222 (diff)
download	hostap-a647a0ad75fd2650ce1be300327f7ea8c9ff3a1e.zip hostap-a647a0ad75fd2650ce1be300327f7ea8c9ff3a1e.tar.gz hostap-a647a0ad75fd2650ce1be300327f7ea8c9ff3a1e.tar.bz2