author | Hai Shalom <haishalom@google.com> | 2023-04-28 19:12:16 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-04-28 19:12:16 +0000 |
commit | 4d3f0c8691f0a82d8076347bd01390b1b4df1ad0 (patch) | |
tree | f84b9cc982291b49d798213b52a4aca25de722b7 | |
parent | 97b6f0e00d3488f6c3176119bd37399b4b6dbc41 (diff) | |
parent | 460b0889634ad589e3164bf3e65673f46075c53f (diff) | |
download | wpa_supplicant_8-4d3f0c8691f0a82d8076347bd01390b1b4df1ad0.tar.gz |
Merge "[wpa_supplicant] Generate more cert notification events" into udc-dev am: 460b088963
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/wpa_supplicant_8/+/22751685
Change-Id: Ied362e53f74d34df9b5f71884b345c77606a5e62
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | src/crypto/tls_openssl.c | 38 | ||||
-rw-r--r-- | wpa_supplicant/aidl/aidl_manager.cpp | 10 |
2 files changed, 25 insertions, 23 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index 01b17b26..23bbe687 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -2587,6 +2587,7 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) u8 hash[32]; const u8 *addr[1]; size_t len[1]; + addr[0] = wpabuf_head(cert); len[0] = wpabuf_len(cert); if (sha256_vector(1, addr, len, hash) < 0 || @@ -2608,29 +2609,30 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) } #endif /* CONFIG_SHA256 */ - openssl_tls_cert_event(conn, err_cert, depth, buf); - if (!preverify_ok) { - if (depth > 0) { - /* Send cert event for the peer certificate so that - * the upper layers get information about it even if - * validation of a CA certificate fails. */ - STACK_OF(X509) *chain; - - chain = X509_STORE_CTX_get1_chain(x509_ctx); - if (chain && sk_X509_num(chain) > 0) { - char buf2[256]; - X509 *cert; - - cert = sk_X509_value(chain, 0); + /* Send cert events for the peer certificate chain so that + * the upper layers get information about it even if + * validation of a CA certificate fails. */ + STACK_OF(X509) *chain; + int num_of_certs; + + chain = X509_STORE_CTX_get1_chain(x509_ctx); + num_of_certs = sk_X509_num(chain); + if (chain && num_of_certs > 0) { + char buf2[256]; + X509 *cert; + int cur_depth; + + for (cur_depth = num_of_certs - 1; cur_depth >= 0; cur_depth--) { + cert = sk_X509_value(chain, cur_depth); X509_NAME_oneline(X509_get_subject_name(cert), buf2, sizeof(buf2)); - openssl_tls_cert_event(conn, cert, 0, buf2); + openssl_tls_cert_event(conn, cert, cur_depth, buf2); } - if (chain) - sk_X509_pop_free(chain, X509_free); } + if (chain) + sk_X509_pop_free(chain, X509_free); wpa_printf(MSG_WARNING, "TLS: Certificate verification failed," " error %d (%s) depth %d for '%s'", err, err_str, 
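Review bot: In the second hunk `num_of_certs = sk_X509_num(chain);` runs before `chain` is checked for NULL, so the code depends on how the TLS library handles a NULL stack; `num_of_certs = chain ? sk_X509_num(chain) : 0;` puts the check before the use. Because the following hunk moves `openssl_tls_cert_event(conn, err_cert, depth, buf);` below the failure return, a failed verification with a NULL or empty chain now produces no certificate event at all, where the old code always reported `err_cert`; an `else` on the chain check that calls `openssl_tls_cert_event(conn, err_cert, depth, buf);` would keep that behaviour. The comment above the loop could also state that every certificate reported here comes from a chain that did not validate, so the subject and hash carried by these events are peer-supplied and unauthenticated. tls_verify_cb starts and ends outside the hunk.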
@@ -2640,6 +2642,8 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) return preverify_ok; } + openssl_tls_cert_event(conn, err_cert, depth, buf); + wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - preverify_ok=%d " "err=%d (%s) ca_cert_verify=%d depth=%d buf='%s'", preverify_ok, err, err_str, diff --git a/wpa_supplicant/aidl/aidl_manager.cpp b/wpa_supplicant/aidl/aidl_manager.cpp index d7987e62..89b5432b 100644 --- a/wpa_supplicant/aidl/aidl_manager.cpp +++ b/wpa_supplicant/aidl/aidl_manager.cpp @@ -2058,17 +2058,15 @@ void AidlManager::notifyCertification(struct wpa_supplicant *wpa_s, return; } struct wpa_ssid *current_ssid = wpa_s->current_ssid; + if (!wpa_key_mgmt_wpa_ieee8021x(current_ssid->key_mgmt)) { + return; + } if (NULL == subject || NULL == cert_hash || NULL == cert) { wpa_printf(MSG_ERROR, "Incomplete certificate information. Drop Certification event!"); return; } - if (!wpa_key_mgmt_wpa_ieee8021x(current_ssid->key_mgmt)) { - wpa_printf(MSG_ERROR, "Not 802.1x configuration, Drop Certification event!"); - return; - } - if (current_ssid->eap.cert.ca_path || current_ssid->eap.cert.ca_cert) { - wpa_printf(MSG_DEBUG, "Already has CA certificate. Drop Certification event!"); + if (current_ssid->eap.cert.ca_cert) { return; } |
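Review bot: In the aidl_manager.cpp hunk the last guard no longer tests `current_ssid->eap.cert.ca_path`, so a network whose trust anchor is configured only through a CA directory now has certification events forwarded, and nothing in the hunk records that this is intended. If it is, a comment above the check would say so, for example `/* Only an explicit ca_cert suppresses the event; ca_path-only networks still report the chain. */`; if not, the `ca_path` term should stay. Both early returns are now silent, which makes a dropped event hard to trace, and a `MSG_DEBUG` line on each would help. The first added line dereferences `current_ssid`; presumably the guard that ends just above the hunk rejects a NULL `wpa_s->current_ssid`, but notifyCertification starts and ends outside the hunk, so that needs confirming.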