author | Jouni Malinen <j@w1.fi> | 2015-01-14 11:29:40 (GMT) |
---|---|---|
committer | Jouni Malinen <j@w1.fi> | 2015-01-14 13:45:18 (GMT) |
commit | d07d3fbda2466d1778ecdf36e2986c5d9b3c1a53 (patch) | |
tree | 535c7b00dc08025ec32d559b2472a587910c2178 /src/eapol_supp | |
parent | 98a4cd447e9f1322f9f1e93a4deb34a51b10ca4d (diff) | |
Add peer certificate alt subject name information to EAP events
A new "CTRL-EVENT-EAP-PEER-ALT depth=<i> <alt name>" event is now used
to provide information about server certificate chain alternative
subject names for upper layers, e.g., to make it easier to configure
constraints on the server certificate. For example:
CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:server.example.com
Currently, this includes DNS, EMAIL, and URI components from the
certificates. Similar information is provided to D-Bus Certification
signal in the new altsubject argument which is a string array of these
items.
Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eapol_supp')
-rw-r--r-- | src/eapol_supp/eapol_supp_sm.c | 7 | ||||
-rw-r--r-- | src/eapol_supp/eapol_supp_sm.h | 3 |
2 files changed, 7 insertions, 3 deletions
diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index 941a269..621318e 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -1962,13 +1962,14 @@ static void eapol_sm_eap_param_needed(void *ctx, enum wpa_ctrl_req_type field,
 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
 static void eapol_sm_notify_cert(void *ctx, int depth, const char *subject,
- const char *cert_hash,
+ const char *altsubject[],
+ int num_altsubject, const char *cert_hash,
 const struct wpabuf *cert)
 {
 struct eapol_sm *sm = ctx;
 if (sm->ctx->cert_cb)
- sm->ctx->cert_cb(sm->ctx->ctx, depth, subject,
- cert_hash, cert);
+ sm->ctx->cert_cb(sm->ctx->ctx, depth, subject, altsubject,
+ num_altsubject, cert_hash, cert);
 }
diff --git a/src/eapol_supp/eapol_supp_sm.h b/src/eapol_supp/eapol_supp_sm.h
index e089e88..d8ae9d4 100644
--- a/src/eapol_supp/eapol_supp_sm.h
+++ b/src/eapol_supp/eapol_supp_sm.h
@@ -248,10 +248,13 @@ struct eapol_ctx {
 * @ctx: Callback context (ctx)
 * @depth: Depth in certificate chain (0 = server)
 * @subject: Subject of the peer certificate
+ * @altsubject: Select fields from AltSubject of the peer certificate
+ * @num_altsubject: Number of altsubject values
 * @cert_hash: SHA-256 hash of the certificate
 * @cert: Peer certificate
 */
 void (*cert_cb)(void *ctx, int depth, const char *subject,
+ const char *altsubject[], int num_altsubject,
 const char *cert_hash, const struct wpabuf *cert);
 /** |
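Review bot: `num_altsubject` is a signed `int` in the new eapol_sm_notify_cert() parameter list and is passed straight through to `cert_cb`, so nothing at this layer stops a negative or inconsistent count from reaching a handler that indexes `altsubject[]`. The entries come from the certificate the peer presents, so the count is attacker-influenced input unless the parsing code (not visible here) bounds it. Consider an unsigned count such as `size_t num_altsubject`, or at least a one-line comment above the function stating that the caller guarantees `num_altsubject >= 0` and that `altsubject` holds exactly that many entries. The same signature appears in the `cert_cb` prototype in eapol_supp_sm.h.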
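Review bot: The two added kernel-doc lines for `cert_cb` do not state the contract a handler needs: whether `altsubject` may be NULL when `num_altsubject` is 0, and whether the strings remain valid after the callback returns. They are also peer-supplied text that, per the commit message, ends up in control interface events and a D-Bus signal; whether control characters or line breaks are escaped before the callback is invoked is not visible in this hunk. I would add a line such as `* Note: altsubject strings are taken from the peer certificate; treat them as untrusted and escape them before logging or forwarding.` and document NULL-ness and lifetime once confirmed against the caller. The enclosing `struct eapol_ctx` starts and ends outside the hunk.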