path: root/hostapd/config_file.c
diff options
authorSam Voss <sam.voss@rockwellcollins.com>2017-08-07 16:26:33 (GMT)
committerJouni Malinen <j@w1.fi>2018-12-31 10:51:51 (GMT)
commitdd5d325b0ac07ef73974b44c6959056030ab68ca (patch)
tree36972e2c099ee1f43e054d752b4baf4fc7221aef /hostapd/config_file.c
parent3518e3623fefa53848614475b128af1c0643a499 (diff)
hostapd: Add configuration option check_crl_strict
Add the ability to ignore time-based CRL errors from OpenSSL by specifying a new configuration parameter, check_crl_strict=0. This causes the following: - This setting does nothing when CRL checking is not enabled. - When CRL is enabled, "strict mode" will cause CRL time errors to not be ignored and will continue behaving as it currently does. - When CRL is enabled, disabling strict mode will cause CRL time errors to be ignored and will allow connections. By default, check_crl_strict is set to 1, or strict mode, to keep current functionality. Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
Diffstat (limited to 'hostapd/config_file.c')
1 files changed, 2 insertions, 0 deletions
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index b0d92ba..cb8d26f 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2489,6 +2489,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
bss->private_key_passwd = os_strdup(pos);
} else if (os_strcmp(buf, "check_crl") == 0) {
bss->check_crl = atoi(pos);
+ } else if (os_strcmp(buf, "check_crl_strict") == 0) {
+ bss->check_crl_strict = atoi(pos);
} else if (os_strcmp(buf, "tls_session_lifetime") == 0) {
bss->tls_session_lifetime = atoi(pos);
} else if (os_strcmp(buf, "tls_flags") == 0) {