path: root/hostapd/config_file.c
diff options
authorJared Bents <jared.bents@rockwellcollins.com>2019-02-28 19:39:50 (GMT)
committerJouni Malinen <j@w1.fi>2019-03-11 12:09:45 (GMT)
commit841205a1ceb1a5441c10e203549c5a90380aaf0b (patch)
tree32929a36ec612784dae2e8e5d4f5c3445c1f542c /hostapd/config_file.c
parent0173423f416d416b06fbcb1864cdaeff5f591803 (diff)
OpenSSL: Add 'check_cert_subject' support for TLS server
This patch added 'check_cert_subject' support to match the value of every field against the DN of the subject in the client certificate. If the values do not match, the certificate verification will fail and will reject the user. This option allows hostapd to match every individual field in the right order, also allow '*' character as a wildcard (e.g OU=Development*). Note: hostapd will match string up to 'wildcard' against the DN of the subject in the client certificate for every individual field. Signed-off-by: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com> Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com> Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'hostapd/config_file.c')
1 files changed, 10 insertions, 0 deletions
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 5ddfbfb..ee3ae65 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2525,6 +2525,16 @@ static int hostapd_config_fill(struct hostapd_config *conf,
} else if (os_strcmp(buf, "private_key_passwd") == 0) {
bss->private_key_passwd = os_strdup(pos);
+ } else if (os_strcmp(buf, "check_cert_subject") == 0) {
+ if (!pos[0]) {
+ wpa_printf(MSG_ERROR, "Line %d: unknown check_cert_subject '%s'",
+ line, pos);
+ return 1;
+ }
+ os_free(bss->check_cert_subject);
+ bss->check_cert_subject = os_strdup(pos);
+ if (!bss->check_cert_subject)
+ return 1;
} else if (os_strcmp(buf, "check_crl") == 0) {
bss->check_crl = atoi(pos);
} else if (os_strcmp(buf, "check_crl_strict") == 0) {