OpenSSL: Report peer certificate before stopping due to validation issue
This is needed to allow upper layer software to learn the hash of the server certificate so that the user can override the trust root configuration. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
parent
1363fdb283
commit
3539738cf5
1 changed files with 3 additions and 2 deletions
|
@ -2375,6 +2375,8 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_SHA256 */
|
#endif /* CONFIG_SHA256 */
|
||||||
|
|
||||||
|
openssl_tls_cert_event(conn, err_cert, depth, buf);
|
||||||
|
|
||||||
if (!preverify_ok) {
|
if (!preverify_ok) {
|
||||||
wpa_printf(MSG_WARNING, "TLS: Certificate verification failed,"
|
wpa_printf(MSG_WARNING, "TLS: Certificate verification failed,"
|
||||||
" error %d (%s) depth %d for '%s'", err, err_str,
|
" error %d (%s) depth %d for '%s'", err, err_str,
|
||||||
|
@ -2431,8 +2433,7 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
||||||
openssl_tls_fail_event(conn, err_cert, err, depth, buf,
|
openssl_tls_fail_event(conn, err_cert, err, depth, buf,
|
||||||
"Domain mismatch",
|
"Domain mismatch",
|
||||||
TLS_FAIL_DOMAIN_MISMATCH);
|
TLS_FAIL_DOMAIN_MISMATCH);
|
||||||
} else
|
}
|
||||||
openssl_tls_cert_event(conn, err_cert, depth, buf);
|
|
||||||
|
|
||||||
if (conn->cert_probe && preverify_ok && depth == 0) {
|
if (conn->cert_probe && preverify_ok && depth == 0) {
|
||||||
wpa_printf(MSG_DEBUG, "OpenSSL: Reject server certificate "
|
wpa_printf(MSG_DEBUG, "OpenSSL: Reject server certificate "
|
||||||
|
|
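Review bot: The `openssl_tls_cert_event(conn, err_cert, depth, buf);` call added in the first hunk now runs ahead of the `if (!preverify_ok)` check, so the peer-certificate event is delivered for certificates that go on to fail chain validation or the domain-match check in the second hunk, and nothing visible here marks that event as unverified. Before this change the call sat in the final `else` of the failure chain, so a receiver could presumably read a certificate event as "passed the checks"; that no longer holds, and a hash taken from this event needs explicit user confirmation before it is pinned as a trust override. I would add a comment above the call, `/* Reported before validation: this certificate is NOT yet verified; a failure event may follow */`, and state the same in the event's documentation for upper layers. tls_verify_cb starts and ends outside both hunks, so the code between them (including how `buf` and `err_cert` are set up) was not reviewed.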