authorJouni Malinen <jouni@qca.qualcomm.com>2011-08-04 19:39:03 (GMT)
committerJouni Malinen <j@w1.fi>2011-08-04 19:39:03 (GMT)
commit6921f1f3860e8e3c1a6148b586a5b5bb406b6656 (patch)
treee560c406f3edb5f84def23370138b3d3b536d0e3 /src/tls/tlsv1_cred.c
parent628d54639a90f779fd5c98c31e049638de56b17e (diff)
TLS: Reorder certificates if needed when reading them
The internal TLS implementation assumes that the certificate chain is ordered by issuer certificate following the certificate that it signed. Add the certificates to the chain in suitable order when loading multiple certificates.
Diffstat (limited to 'src/tls/tlsv1_cred.c')
-rw-r--r--src/tls/tlsv1_cred.c18
1 files changed, 15 insertions, 3 deletions
diff --git a/src/tls/tlsv1_cred.c b/src/tls/tlsv1_cred.c
index aa467ef..3e07245 100644
--- a/src/tls/tlsv1_cred.c
+++ b/src/tls/tlsv1_cred.c
@@ -46,7 +46,7 @@ void tlsv1_cred_free(struct tlsv1_credentials *cred)
static int tlsv1_add_cert_der(struct x509_certificate **chain,
const u8 *buf, size_t len)
{
- struct x509_certificate *cert;
+ struct x509_certificate *cert, *p;
char name[128];
cert = x509_certificate_parse(buf, len);
@@ -56,8 +56,20 @@ static int tlsv1_add_cert_der(struct x509_certificate **chain,
return -1;
}
- cert->next = *chain;
- *chain = cert;
+ p = *chain;
+ while (p && p->next)
+ p = p->next;
+ if (p && x509_name_compare(&cert->subject, &p->issuer) == 0) {
+ /*
+ * The new certificate is the issuer of the last certificate in
+ * the chain - add the new certificate to the end.
+ */
+ p->next = cert;
+ } else {
+ /* Add to the beginning of the chain */
+ cert->next = *chain;
+ *chain = cert;
+ }
x509_name_string(&cert->subject, name, sizeof(name));
wpa_printf(MSG_DEBUG, "TLSv1: Added certificate: %s", name);
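Review bot: The append test `if (p && x509_name_compare(&cert->subject, &p->issuer) == 0)` only compares against the tail of the chain, so the result is correctly ordered only when the input is already leaf-first or root-first. An interleaved file such as leaf, root, intermediate ends up as root, leaf, intermediate, which still breaks the issuer-follows-subject assumption from the commit message, and nothing is logged. The match is on distinguished names only, so the ordering says nothing about whether the appended certificate actually signed its predecessor. I would record both limits in the comment above the append, e.g. `/* Ordering uses a subject/issuer name match against the chain tail only; it is not signature validation and does not sort arbitrary input. */`. tlsv1_add_cert_der starts in the previous hunk and continues past the end of this one.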