aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/crypto/tls_openssl.c4
-rw-r--r--wpa_supplicant/notify.c5
2 files changed, 6 insertions, 3 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 07d38e4..e67756a 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2186,7 +2186,9 @@ static int openssl_cert_tod(X509 *cert)
continue;
wpa_printf(MSG_DEBUG, "OpenSSL: Certificate Policy %s", buf);
if (os_strcmp(buf, "1.3.6.1.4.1.40808.1.3.1") == 0)
- tod = 1;
+ tod = 1; /* TOD-STRICT */
+ else if (os_strcmp(buf, "1.3.6.1.4.1.40808.1.3.2") == 0 && !tod)
+ tod = 2; /* TOD-TOFU */
}
return tod;
diff --git a/wpa_supplicant/notify.c b/wpa_supplicant/notify.c
index e41d7c4..0ba1e14 100644
--- a/wpa_supplicant/notify.c
+++ b/wpa_supplicant/notify.c
@@ -794,10 +794,11 @@ void wpas_notify_certification(struct wpa_supplicant *wpa_s,
int i;
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_CERT
- "depth=%d subject='%s'%s%s%s",
+ "depth=%d subject='%s'%s%s%s%s",
cert->depth, cert->subject, cert_hash ? " hash=" : "",
cert_hash ? cert_hash : "",
- cert->tod ? " tod=1" : "");
+ cert->tod == 2 ? " tod=2" : "",
+ cert->tod == 1 ? " tod=1" : "");
if (cert->cert) {
char *cert_hex;