authorJouni Malinen <j@w1.fi>2011-09-17 19:42:54 (GMT)
committerJouni Malinen <j@w1.fi>2011-09-17 19:42:54 (GMT)
commit1b414f59fc46b8c88e606de122debf69e8b5faa8 (patch)
tree06b74e9a152f33d1ba4bc3dd21dff015362fea61 /src
parent8a55f56453f55f7b9b634781b277833d09b3ca9a (diff)
eapol_test: Add option for writing server certificate chain to a file
eapol_test command line argument -o<file> can now be used to request the received server certificate chain to be written to the specified file. The certificates will be written in PEM format. [Bug 391]
Diffstat (limited to 'src')
-rw-r--r--src/crypto/tls.h1
-rw-r--r--src/crypto/tls_openssl.c4
-rw-r--r--src/eap_peer/eap.c1
-rw-r--r--src/eap_peer/eap.h5
-rw-r--r--src/eapol_supp/eapol_supp_sm.c1
-rw-r--r--src/eapol_supp/eapol_supp_sm.h5
6 files changed, 16 insertions, 1 deletions
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index 0928b5b..b5cac1c 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -72,6 +72,7 @@ struct tls_config {
const char *pkcs11_engine_path;
const char *pkcs11_module_path;
int fips_mode;
+ int cert_in_cb;
void (*event_cb)(void *ctx, enum tls_event ev,
union tls_event_data *data);
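Review bot: The new `int cert_in_cb;` member of struct tls_config is the only one of the three additions of this field in the commit that carries no comment, and tls.h is the contract every TLS backend (not just tls_openssl.c) implements against, so a backend author cannot tell from the header what the flag obliges them to do. The intent is recoverable only from the tls_openssl.c change, where it widens the condition under which a peer certificate is copied into the event passed to event_cb. A one-line comment on the field would close that gap: `int cert_in_cb; /* 1 = pass the peer certificate in every certificate event to event_cb, not only while certificate probing */`. struct tls_config continues outside the hunk.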
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 14ff87e..a8df6aa 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -59,6 +59,7 @@ struct tls_global {
void (*event_cb)(void *ctx, enum tls_event ev,
union tls_event_data *data);
void *cb_ctx;
+ int cert_in_cb;
};
static struct tls_global *tls_global = NULL;
@@ -694,6 +695,7 @@ void * tls_init(const struct tls_config *conf)
if (conf) {
tls_global->event_cb = conf->event_cb;
tls_global->cb_ctx = conf->cb_ctx;
+ tls_global->cert_in_cb = conf->cert_in_cb;
}
#ifdef CONFIG_FIPS
@@ -1144,7 +1146,7 @@ static void openssl_tls_cert_event(struct tls_connection *conn,
return;
os_memset(&ev, 0, sizeof(ev));
- if (conn->cert_probe) {
+ if (conn->cert_probe || tls_global->cert_in_cb) {
cert = get_x509_cert(err_cert);
ev.peer_cert.cert = cert;
}
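Review bot: `tls_global->cert_in_cb = conf->cert_in_cb;` stores the flag in the file-scope singleton tls_global, and openssl_tls_cert_event reads it from there, so this is a process-wide setting rather than a property of the context returned by tls_init(): once any caller sets it, every TLS connection in the process starts delivering peer certificate data to event_cb. If the `if (conf)` block in tls_init runs only on first initialization (tls_init starts outside the hunk, so this is inferred), a later tls_init() caller passing a different cert_in_cb is silently ignored. The struct tls_global field should say so, e.g. `int cert_in_cb; /* process-wide, like event_cb/cb_ctx: taken from the conf of the tls_init() that created tls_global */`, and the copy in openssl_tls_cert_event deserves a short note that with the flag set get_x509_cert() now runs for every certificate in the chain, not only when probing. openssl_tls_cert_event's body continues outside the hunk, so whether the copied cert is freed on all paths cannot be confirmed here.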
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index ecfaf30..39513d6 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -1242,6 +1242,7 @@ struct eap_sm * eap_peer_sm_init(void *eapol_ctx,
#endif /* CONFIG_FIPS */
tlsconf.event_cb = eap_peer_sm_tls_event;
tlsconf.cb_ctx = sm;
+ tlsconf.cert_in_cb = conf->cert_in_cb;
sm->ssl_ctx = tls_init(&tlsconf);
if (sm->ssl_ctx == NULL) {
wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS "
diff --git a/src/eap_peer/eap.h b/src/eap_peer/eap.h
index 2a80d4e..15e451e 100644
--- a/src/eap_peer/eap.h
+++ b/src/eap_peer/eap.h
@@ -262,6 +262,11 @@ struct eap_config {
* This is only used by EAP-WSC and can be left %NULL if not available.
*/
struct wps_context *wps;
+
+ /**
+ * cert_in_cb - Include server certificates in callback
+ */
+ int cert_in_cb;
};
struct eap_sm * eap_peer_sm_init(void *eapol_ctx,
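Review bot: The kernel-doc comment `cert_in_cb - Include server certificates in callback` added to struct eap_config names neither the callback nor the meaning of the value; struct eap_config has no cert_cb member, so a reader must follow eap_peer_sm_init() into tls_init() to learn that the field is simply forwarded as tls_config.cert_in_cb and changes what the TLS event callback receives. Suggest extending the comment to: `cert_in_cb - Include server certificates in callback` followed by `If set (1), the peer certificate is delivered in the TLS event callback for every received server certificate, not only during certificate probing; eap_peer_sm_init() copies this into tls_config.cert_in_cb.` The identical one-line comment in struct eapol_ctx in eapol_supp_sm.h sits next to cert_cb and could name that member explicitly instead of "callback". struct eap_config starts outside the hunk.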
diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index bb6cff6..c4a0d8a 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -1883,6 +1883,7 @@ struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx)
conf.pkcs11_engine_path = ctx->pkcs11_engine_path;
conf.pkcs11_module_path = ctx->pkcs11_module_path;
conf.wps = ctx->wps;
+ conf.cert_in_cb = ctx->cert_in_cb;
sm->eap = eap_peer_sm_init(sm, &eapol_cb, sm->ctx->msg_ctx, &conf);
if (sm->eap == NULL) {
diff --git a/src/eapol_supp/eapol_supp_sm.h b/src/eapol_supp/eapol_supp_sm.h
index 3ea7e79..48813a9 100644
--- a/src/eapol_supp/eapol_supp_sm.h
+++ b/src/eapol_supp/eapol_supp_sm.h
@@ -231,6 +231,11 @@ struct eapol_ctx {
*/
void (*cert_cb)(void *ctx, int depth, const char *subject,
const char *cert_hash, const struct wpabuf *cert);
+
+ /**
+ * cert_in_cb - Include server certificates in callback
+ */
+ int cert_in_cb;
};