author Pali Rohár <pali.rohar@gmail.com> 2015-11-22 01:02:55 (GMT)
committer Jouni Malinen <j@w1.fi> 2015-11-29 09:39:25 (GMT)
commit 3665776e4e0ea42989517ca4cb2699e8ee91b35f
tree e537e193aa7a07866164e42a79f640d7582d4f04 /src/tls/tlsv1_cred.c
parent 9b35afd6ac9f2633f39a06bb3dce43de88ebbec3
TLS client: Do not verify CA certificates when ca_cert is not specified
The documentation says: "If ca_cert and ca_path are not included, server certificate will not be verified". This is the case when wpa_supplicant is compiled with the OpenSSL library, but when using the internal TLS implementation and some certificates in the CA chain are in an unsupported format (e.g., use SHA384 or SHA512 hash functions), then verification fails even if the ca_cert property is not specified. This commit changes the behavior so that certificate verification in the internal TLS implementation is really skipped when ca_cert is not specified.

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Diffstat (limited to 'src/tls/tlsv1_cred.c')
-rw-r--r-- src/tls/tlsv1_cred.c 2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/tls/tlsv1_cred.c b/src/tls/tlsv1_cred.c
index 1ea6827..fbac965 100644
--- a/src/tls/tlsv1_cred.c
+++ b/src/tls/tlsv1_cred.c
@@ -190,6 +190,8 @@ int tlsv1_set_ca_cert(struct tlsv1_credentials *cred, const char *cert,
const u8 *cert_blob, size_t cert_blob_len,
const char *path)
{
+ cred->ca_cert_verify = cert || cert_blob || path;
+
if (tlsv1_set_cert_chain(&cred->trusted_certs, cert,
cert_blob, cert_blob_len) < 0)
return -1;
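
Review bot: The unconditional assignment `cred->ca_cert_verify = cert || cert_blob || path;` at the top of tlsv1_set_ca_cert() turns server certificate verification off silently whenever all three arguments are NULL, and it does so on every call, so a later call with no CA arguments would clear the flag even if an earlier call had loaded certificates into cred->trusted_certs. Consider logging at the point where the flag ends up 0, so that a connection to an unauthenticated TLS server is visible in the debug output, and state in the function comment that calling it with no CA source disables verification. Two things to confirm outside this hunk, since the diff shown is limited to this file: what value ca_cert_verify has when tlsv1_set_ca_cert() is never called, and that a configuration with only path set, which feeds the flag but is not passed to tlsv1_set_cert_chain() in the lines shown, still fails closed rather than verifying against an empty trust store in some unexpected way.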