path: root/hs20
Commit message | Author | Age | Files | Lines
* hs20-osu-client: Fix pol_upd command line parsing | Jouni Malinen | 2016-03-16 | 1 | -6/+3
  This command was documented as having the Server URL parameter as optional, but the implementation did not match that. Allow this parameter to be left out.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hs20-osu-client: Remove dead code from sub_rem command line parsing | Jouni Malinen | 2016-03-16 | 1 | -8/+3
  The error print could not have been reached since the exact same condition was verified above and exit(0) is called if the command line is invalid.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Android: Remove superfluous OpenSSL include paths | Adam Langley | 2016-03-03 | 1 | -1/+0
  The libcrypto and libssl modules (and their respective static and host versions) use LOCAL_EXPORT_C_INCLUDE_DIRS thus just including the module is sufficient.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* Android: Allow wpa_supplicant to write files to osu-info dir | Kanchanapally, Vidyullatha | 2016-03-03 | 1 | -1/+12
  This commit allows any process running with group id of AID_WIFI to read/write files to osu-info directory. Also, it allows other users to read and search the osu-info directory. This fixes issues with hs20-osu-client creating a directory for wpa_supplicant use without wpa_supplicant actually having privileges to write there on Android where the wpa_supplicant process does not run as root.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hs20-osu-client: Fix check for osu_nai being available | Jouni Malinen | 2016-01-15 | 1 | -1/+1
  This is an array, so the pointer is never NULL; need to check that the first character is not '\0' instead.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* EST: Comment out X509_REQ_print calls on Android with BoringSSL | Jouni Malinen | 2015-12-04 | 1 | -0/+4
  These were restored into BoringSSL in June 2015, but not all Android branches include those changes. To fix the build, comment these calls out on Android for now if hs20-osu-client is built against BoringSSL. These are used only for debugging purposes, so this is fine for Hotspot 2.0 functionality.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* EST: Add CSR generation support with BoringSSL | Jouni Malinen | 2015-12-04 | 1 | -16/+28
  This completes EST support with hs20-osu-client when built with BoringSSL instead of OpenSSL.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* EST: Implement pkcs7_to_cert() with BoringSSL | Jouni Malinen | 2015-12-04 | 1 | -4/+20
  This adds one more step in completing hs20-osu-client support when using BoringSSL instead of OpenSSL. EST client can now parse the cacerts file.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* HTTP (curl): OCSP with BoringSSL | Jouni Malinen | 2015-12-04 | 2 | -0/+2
  This adds experimental support for using OCSP with libcurl that is built against BoringSSL. This needs small modifications to libcurl to allow CURLOPT_SSL_VERIFYSTATUS to be used to call SSL_enable_ocsp_stapling(connssl->handle) in ossl_connect_step1().
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hs20-osu-client: Disable EST with BoringSSL to fix build | Jouni Malinen | 2015-10-09 | 1 | -0/+16
  BoringSSL has dropped OpenSSL functionality that was used in the EST implementation. For now, disable EST with BoringSSL to allow hs20-osu-client to be built.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* HS 2.0R2: Fix memory leak on error path in hs20-osu-client | Nishant Chaprana | 2015-06-23 | 1 | -0/+1
  fqdn was not freed before return in case the server uses an unsupported location for the PPS MO in the addMO command.
  Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
* HS 2.0: hs20-client: Fix hostname extraction from URL | Ben Greear | 2015-05-27 | 1 | -3/+3
  It was not properly handling cases like this: https://foo.local:443
  Signed-off-by: Ben Greear <greearb@candelatech.com>
* HS 2.0: Fix hs20_spp_server compile error | Ben Greear | 2015-05-27 | 1 | -0/+1
  Need to add a new -I path to get it to compile.
  Signed-off-by: Ben Greear <greearb@candelatech.com>
* HS 2.0: spp-client: Warn user if xml file cannot be found | Ben Greear | 2015-05-27 | 1 | -1/+6
  Otherwise, all you get is a cryptic XML validation error out of the SPP server.
  Signed-off-by: Ben Greear <greearb@candelatech.com>
* HS 2.0R2: Allow user to specify spp.xsd file location | Ben Greear | 2015-04-01 | 2 | -2/+10
  Allow user to specify the path to the spp.xsd file for hs20-osu-client instead of requiring this to be spp.xsd in the current working directory.
  Signed-off-by: Ben Greear <greearb@candelatech.com>
* HS 2.0R2: Add more debugging messages to hs20-osu-client | Ben Greear | 2015-04-01 | 2 | -8/+23
  Helps to figure out why some errors happen.
  Signed-off-by: Ben Greear <greearb@candelatech.com>
* HS 2.0R2 CA: Improve setup.sh and .conf for more flexibility | Ben Greear | 2015-04-01 | 5 | -30/+178
  This gives more flexibility when generating keys so that users do not have to edit files to generate their own specific keys. Update HS 2.0 OSU server notes as well.
  Signed-off-by: Ben Greear <greearb@candelatech.com>
* HS 2.0R2: Add more logging for hs20-osu-client icon matching | Ben Greear | 2015-03-28 | 1 | -8/+25
  Add some more verbose logging, and make sure logging messages are unique for easier debugging.
  Signed-off-by: Ben Greear <greearb@candelatech.com>
* OSU server: Improve logging for SPP schema validation failures | Ben Greear | 2015-03-28 | 1 | -1/+3
  Signed-off-by: Ben Greear <greearb@candelatech.com>
* OSU server: Print out signup ID if there is some problem with it | Ben Greear | 2015-03-28 | 1 | -1/+1
  Signed-off-by: Ben Greear <greearb@candelatech.com>
* HS 2.0R2: Remove unused argument identifier from hs20-osu-client | Ben Greear | 2015-03-28 | 1 | -2/+2
  The command line option 'i' is not handled, so I assume it should not be in the short-options list. Fix missing word in error message as well.
  Signed-off-by: Ben Greear <greearb@candelatech.com>
* HS 2.0R2: Allow custom libcurl linkage for hs20-osu-client | Ben Greear | 2015-03-28 | 1 | -0/+6
  In case someone is compiling their own libcurl and wants to link it statically, for instance, the new CUST_CURL_LINKAGE parameter can be used to override the default -lcurl argument.
  Signed-off-by: Ben Greear <greearb@candelatech.com>
* HS 2.0: Add NULL check before dereferencing in hs20-osu-client | Rajiv Ranjan | 2015-03-06 | 1 | -0/+5
  xml_node_get_text() may return NULL, so need to check the return value before using it.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hs20-osu-client: Ensure NULL checks are done before dereferencing | Subhani Shaik | 2015-02-19 | 2 | -0/+21
  In some error cases, pointers were dereferenced before NULL check is done. Fix this by adding checks before the dereference.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Android: Remove commented out non-Android build parameters | Jouni Malinen | 2015-02-19 | 1 | -8/+0
  These hs20-osu-client parameters were never applicable for Android builds and were just copied from the non-Android Makefile as a reminder, but not removed once rest of the Android build was fixed.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Android: Remove libxml2 config defines | Jouni Malinen | 2015-02-19 | 1 | -2/+0
  These need to be done in the libxml2 build, not in hs20-osu-client. This workaround was previously used to allow parts of the build to go through, but that was not a complete fix and resulted in warnings now that external/libxml2 in Android 5.0 is defining the same parameters. Remove these from hs20-osu-client Android.mk to avoid that warning.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Android: Silence unused function parameter warnings | Jouni Malinen | 2015-02-19 | 1 | -0/+2
  Numbers of hs20-osu-client functions do not use all of the parameters currently. This makes the compiler output difficult to read due to undesired warning messages. Get rid of those specific warnings for now.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Android: Fix hs20-osu-client build on Android 5.0 | Jouni Malinen | 2015-02-19 | 1 | -0/+9
  The LOCAL_EXPORT_C_INCLUDE_DIRS from ICU did not seem to fully resolve the build (e.g., "mm -B" failed to build, but following that with "mm" allowed the build to complete). For now, add the include directory manually here for Android 5.0.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* HS 2.0R2: Fix permissions for SP/<fqdn> directory on Android | Neelansh Mittal | 2015-02-19 | 1 | -0/+18
  As part of OSU, the AAA TrustRoot cert is downloaded into SP/<fqdn> directory. On Android, wpa_supplicant runs with Wifi uid privileges, and hence might not have read access to the AAA TrustRoot present in SP/<fqdn> directory. Hence, make AID_WIFI as the group owner of SP/<fqdn> directory and allow the members of AID_WIFI group to read files present in this directory.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* HS 2.0R2: Add password to DB in case of machine managed subscription | Sreenath S | 2015-02-01 | 1 | -0/+27
  Add password and machine_managed flag to database in case of machine managed subscription to fix EAP-TTLS connection failure to production AP. In case of user managed subscription, the entered password is added to DB from the PHP script. However in machine managed subscription, machine generated password is added only in SOAP messages and PPS MO. So connection to production will fail as the generated password is not present in the database used by AAA server.
  Signed-off-by: Sreenath Sharma <sreenath.mailing.lists@gmail.com>
* HS20: Fix TrustRoot path for PolicyUpdate node in PPS MO | ASHUTOSH NARAYAN | 2015-01-20 | 1 | -2/+2
  Incorrect TrustRoot path "PolicyUpdate/TrustRoot" was used. The TrustRoot path is required to be "Policy/PolicyUpdate/TrustRoot" as defined in Section 9.1 of Hotspot 2.0 (Release 2) specification. Fix the path to "Policy/PolicyUpdate/TrustRoot".
  Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
* HS20: Return result of cmd_sub_rem in hs20-osu-client | ASHUTOSH NARAYAN | 2015-01-20 | 1 | -15/+17
  Previously, both failure and success cases used same return value 0. Indicate failures differently to make hs20-osu-client return value more useful for subscription remediation cases.
  Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
* Android: Remove hardcoded ICU include paths from hs20-osu-client | Narayan Kamath | 2015-01-09 | 1 | -3/+6
  ICU exports them using LOCAL_EXPORT_C_INCLUDE_DIRS.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* HS 2.0R2: Keep backward compatibility with old icu | Dmitry Shmidt | 2014-07-20 | 1 | -0/+4
  This allows hs20-osu-client to be built with additional Android versions.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* HS 2.0 R2: Clear hs20-osu-client configuration keys explicitly | Jouni Malinen | 2014-07-02 | 1 | -2/+2
  Use an explicit memset call to clear any hs20-osu-client configuration parameter that contains private information like keys or identity. This brings in an additional layer of protection by reducing the length of time this type of private data is kept in memory.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* HS 2.0 SPP server: Fix aaa_trust_root_cert_url example to use DER | Jouni Malinen | 2014-04-11 | 1 | -1/+1
  The trust roots in the PPS MO point to a DER encoded X.509 certificate.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* OSU server: Add example scripts for Hotspot 2.0 PKI | Jouni Malinen | 2014-03-31 | 12 | -0/+515
  These can be used to generate certificates for developer testing of the OSU protocol.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* HS 2.0R2: Add example OSU SPP server implementation | Jouni Malinen | 2014-03-31 | 19 | -0/+3760
  This is meant mainly for testing purposes and as a reference implementation showing how OSU SPP server could be implemented. This is not suitable for any real production use in its current form.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* HS 2.0R2: Clean up debug log during exit path | Jouni Malinen | 2014-03-17 | 1 | -1/+1
  deinit_ctx() may print debug information, so do not call wpa_debug_close_file() before deinit_ctx().
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* HS 2.0R2: Do not mandate OCSP response for EST operations | Jouni Malinen | 2014-03-17 | 2 | -0/+12
  OCSP validation is required only for the OSU operations and since the EST server may use a different server certificate, it may not necessarily support OCSP.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* HS 2.0R2: Do not use OSU cert validation for EST | Jouni Malinen | 2014-03-17 | 3 | -5/+16
  There is no requirement for the EST server to use an OSU server certificate, so do not require friendly name and icon hash matches for EST cases.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* HS 2.0R2: Configure OSU client trust root more consistently | Jouni Malinen | 2014-03-17 | 4 | -75/+61
  Some of the code paths could have ended up ignoring CA file name from command line due to overly complex way of setting ctx->ca_fname. Configure this more consistently in osu_client.c as soon as the CA file name has been determined.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* HS 2.0R2: Add parse_cert command for debugging purposes | Jouni Malinen | 2014-03-11 | 1 | -0/+10
  This hs20-osu-client client command can be used to parse a DER encoded X.509v3 certificate with the logotype extensions and id-wfa-hotspot-friendlyName values shown in detail.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* HS 2.0R2: Add OSU client implementation | Jouni Malinen | 2014-03-11 | 9 | -0/+6603
  This adds a reference implementation of Hotspot 2.0 Release 2 OSU client. While this implements all of the required functionality, it is likely that significant extensions would be used to integrate this with user interfaces and operating system configuration components.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>