aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls/tlsv1_cred.c
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2015-11-29 16:59:27 (GMT)
committerJouni Malinen <j@w1.fi>2015-11-29 16:59:27 (GMT)
commitf2a6ad01a943103c658de5721c2d7f7e91ee7fa4 (patch)
tree73d1fbdd538d39173755a854b428c728894be2ec /src/tls/tlsv1_cred.c
parentb115eebe01ca23848d3af786a6b22803a1b2fafc (diff)
downloadhostap-f2a6ad01a943103c658de5721c2d7f7e91ee7fa4.zip
hostap-f2a6ad01a943103c658de5721c2d7f7e91ee7fa4.tar.gz
hostap-f2a6ad01a943103c658de5721c2d7f7e91ee7fa4.tar.bz2
TLS client: Add support for server certificate probing
The internal TLS client implementation can now be used with ca_cert="probe://" to probe the server certificate chain. This is also adding the related CTRL-EVENT-EAP-TLS-CERT-ERROR and CTRL-EVENT-EAP-PEER-CERT events. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/tls/tlsv1_cred.c')
-rw-r--r--src/tls/tlsv1_cred.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/tls/tlsv1_cred.c b/src/tls/tlsv1_cred.c
index 3ed21ec..067562b 100644
--- a/src/tls/tlsv1_cred.c
+++ b/src/tls/tlsv1_cred.c
@@ -218,6 +218,13 @@ int tlsv1_set_ca_cert(struct tlsv1_credentials *cred, const char *cert,
return 0;
}
+ if (cert && os_strncmp(cert, "probe://", 8) == 0) {
+ cred->cert_probe = 1;
+ cred->ca_cert_verify = 0;
+ wpa_printf(MSG_DEBUG, "TLSv1: Only probe server certificate");
+ return 0;
+ }
+
cred->ca_cert_verify = cert || cert_blob || path;
if (tlsv1_set_cert_chain(&cred->trusted_certs, cert,