authorJouni Malinen <jouni@qca.qualcomm.com>2014-03-17 21:56:17 (GMT)
committerJouni Malinen <j@w1.fi>2014-03-17 22:39:49 (GMT)
commit8f60293d3f1f19f65cd88da126e9ea266285bcf4 (patch)
tree3cade4aff22ad336288225594cc701e34fdb6c54 /hs20
parent40bdceac8814eefd9a6ad7f0960be13b14925ec5 (diff)
HS 2.0R2: Do not use OSU cert validation for EST
There is no requirement for the EST server to use an OSU server certificate, so do not require friendly name and icon hash matches for EST cases. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'hs20')
-rw-r--r--hs20/client/est.c8
-rw-r--r--hs20/client/osu_client.c12
-rw-r--r--hs20/client/osu_client.h1
3 files changed, 16 insertions, 5 deletions
diff --git a/hs20/client/est.c b/hs20/client/est.c
index c1d514a..5346c09 100644
--- a/hs20/client/est.c
+++ b/hs20/client/est.c
@@ -1,6 +1,6 @@
/*
* Hotspot 2.0 OSU client - EST client
- * Copyright (c) 2012-2013, Qualcomm Atheros, Inc.
+ * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -108,8 +108,10 @@ int est_load_cacerts(struct hs20_osu_client *ctx, const char *url)
os_snprintf(buf, buflen, "%s/cacerts", url);
wpa_printf(MSG_INFO, "Download EST cacerts from %s", buf);
write_summary(ctx, "Download EST cacerts from %s", buf);
+ ctx->no_osu_cert_validation = 1;
res = http_download_file(ctx->http, buf, "Cert/est-cacerts.txt",
ctx->ca_fname);
+ ctx->no_osu_cert_validation = 0;
if (res < 0) {
wpa_printf(MSG_INFO, "Failed to download EST cacerts from %s",
buf);
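Review bot: The relaxed certificate check around `http_download_file()` in est_load_cacerts is passed through a mutable field on the shared `ctx` rather than as an argument. It is therefore only correct if `osu_cert_cb` runs synchronously inside that call and every path clears the flag afterwards. The visible lines do clear it before the `res < 0` branch, but the synchronous-callback assumption is not shown here and deserves a comment, for example `/* EST server is not required to use an OSU server certificate; osu_cert_cb() skips friendly name and icon hash matching while this is set */`. The same set/clear pair is repeated in est_build_csr, est_simple_enroll and download_cert, so a later edit that adds an early return between the two assignments would leave OSU validation disabled for subsequent connections. The function body continues outside this hunk.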
@@ -550,8 +552,10 @@ int est_build_csr(struct hs20_osu_client *ctx, const char *url)
os_snprintf(buf, buflen, "%s/csrattrs", url);
wpa_printf(MSG_INFO, "Download csrattrs from %s", buf);
write_summary(ctx, "Download EST csrattrs from %s", buf);
+ ctx->no_osu_cert_validation = 1;
res = http_download_file(ctx->http, buf, "Cert/est-csrattrs.txt",
ctx->ca_fname);
+ ctx->no_osu_cert_validation = 0;
os_free(buf);
if (res < 0) {
wpa_printf(MSG_INFO, "Failed to download EST csrattrs - assume no extra attributes are needed");
@@ -647,10 +651,12 @@ int est_simple_enroll(struct hs20_osu_client *ctx, const char *url,
os_snprintf(buf, buflen, "%s/simpleenroll", url);
wpa_printf(MSG_INFO, "EST simpleenroll URL: %s", buf);
write_summary(ctx, "EST simpleenroll URL: %s", buf);
+ ctx->no_osu_cert_validation = 1;
resp = http_post(ctx->http, buf, req, "application/pkcs10",
"Content-Transfer-Encoding: base64",
ctx->ca_fname, user, pw, client_cert, client_key,
&resp_len);
+ ctx->no_osu_cert_validation = 0;
os_free(buf);
if (resp == NULL) {
wpa_printf(MSG_INFO, "EST certificate enrollment failed");
diff --git a/hs20/client/osu_client.c b/hs20/client/osu_client.c
index 6e6de65..33e641f 100644
--- a/hs20/client/osu_client.c
+++ b/hs20/client/osu_client.c
@@ -302,7 +302,9 @@ static int download_cert(struct hs20_osu_client *ctx, xml_node_t *params,
xml_node_get_text_free(ctx->xml, hash);
write_summary(ctx, "Download certificate from %s", url);
+ ctx->no_osu_cert_validation = 1;
res = http_download_file(ctx->http, url, TMP_CERT_DL_FILE, NULL);
+ ctx->no_osu_cert_validation = 0;
xml_node_get_text_free(ctx->xml, url);
if (res < 0)
return -1;
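Review bot: The flag is also set in download_cert, which is in osu_client.c and is not one of the EST functions, while the commit description and the struct field comment both describe the relaxation as EST-only. This call passes `NULL` where the EST call sites pass `ctx->ca_fname`, so what the downloaded file is checked against is not visible in this hunk. A short comment above the assignment should say why OSU friendly name and icon matching do not apply to this download and what check still covers it, e.g. `/* certificate download server is not an OSU server; <state the remaining check here> */`. The function starts and ends outside the hunk.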
@@ -2692,7 +2694,8 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
int found;
char *host = NULL;
- wpa_printf(MSG_INFO, "osu_cert_cb");
+ wpa_printf(MSG_INFO, "osu_cert_cb(osu_cert_validation=%d)",
+ !ctx->no_osu_cert_validation);
host = get_hostname(ctx->server_url);
@@ -2736,7 +2739,8 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
}
}
- for (j = 0; j < ctx->friendly_name_count; j++) {
+ for (j = 0; !ctx->no_osu_cert_validation &&
+ j < ctx->friendly_name_count; j++) {
int found = 0;
for (i = 0; i < cert->num_othername; i++) {
if (os_strcmp(cert->othername[i].oid,
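Review bot: Placing `!ctx->no_osu_cert_validation` inside the `for` condition hides a security-relevant bypass in loop bookkeeping and re-tests an invariant on every iteration. The same form is used for the two `icon_count` loops in the following hunks. Wrapping the three loops in one `if (!ctx->no_osu_cert_validation) { ... }`, or branching past them once, would make the skipped region obvious to a reader auditing which certificate checks remain. The function should also carry a comment stating that only the friendly name and icon hash checks are skipped in this mode; judging from the visible hunks the code before these loops is not guarded, but osu_cert_cb extends beyond what is shown, so that needs confirming.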
@@ -2775,7 +2779,7 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
logo->hash, logo->hash_len);
}
- for (j = 0; j < ctx->icon_count; j++) {
+ for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
int found = 0;
char *name = ctx->icon_filename[j];
size_t name_len = os_strlen(name);
@@ -2811,7 +2815,7 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
}
}
- for (j = 0; j < ctx->icon_count; j++) {
+ for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
int found = 0;
for (i = 0; i < cert->num_logo; i++) {
diff --git a/hs20/client/osu_client.h b/hs20/client/osu_client.h
index 092d6e1..9a7059e 100644
--- a/hs20/client/osu_client.h
+++ b/hs20/client/osu_client.h
@@ -34,6 +34,7 @@ struct hs20_osu_client {
const char *summary_file;
const char *ifname;
const char *ca_fname;
+ int no_osu_cert_validation; /* for EST operations */
char *fqdn;
char *server_url;
struct osu_lang_text friendly_name[MAX_OSU_VALS];
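Review bot: The field comment `/* for EST operations */` does not say what a non-zero value does or who reads it. Since this field switches off part of server certificate validation, the declaration should spell that out, for example `/* non-zero: osu_cert_cb() skips OSU friendly name and icon hash matching; set only for the duration of a single HTTP request */`. The struct definition continues outside the hunk.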