DPP2: Allow CSR processing by CA/RA to reject configuration
"DPP_CA_SET name=status value=<int>" can now be used to explicitly indicate that CSR was rejected by CA/RA. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
3b60f11741
commit
3a3eded0dc
1 changed files with 27 additions and 17 deletions
|
@ -3628,6 +3628,27 @@ int wpas_dpp_reconfig(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static int wpas_dpp_build_conf_resp(struct wpa_supplicant *wpa_s,
|
||||||
|
struct dpp_authentication *auth)
|
||||||
|
{
|
||||||
|
struct wpabuf *resp;
|
||||||
|
|
||||||
|
resp = dpp_build_conf_resp(auth, auth->e_nonce, auth->curve->nonce_len,
|
||||||
|
auth->e_netrole, true);
|
||||||
|
if (!resp)
|
||||||
|
return -1;
|
||||||
|
if (gas_server_set_resp(wpa_s->gas_server, auth->cert_resp_ctx,
|
||||||
|
resp) < 0) {
|
||||||
|
wpa_printf(MSG_DEBUG,
|
||||||
|
"DPP: Could not find pending GAS response");
|
||||||
|
wpabuf_free(resp);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
auth->conf_resp = resp;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
int wpas_dpp_ca_set(struct wpa_supplicant *wpa_s, const char *cmd)
|
int wpas_dpp_ca_set(struct wpa_supplicant *wpa_s, const char *cmd)
|
||||||
{
|
{
|
||||||
int peer;
|
int peer;
|
||||||
|
@ -3663,6 +3684,11 @@ int wpas_dpp_ca_set(struct wpa_supplicant *wpa_s, const char *cmd)
|
||||||
return -1;
|
return -1;
|
||||||
pos += 6;
|
pos += 6;
|
||||||
|
|
||||||
|
if (os_strncmp(pos, "status ", 7) == 0) {
|
||||||
|
auth->force_conf_resp_status = atoi(value);
|
||||||
|
return wpas_dpp_build_conf_resp(wpa_s, auth);
|
||||||
|
}
|
||||||
|
|
||||||
if (os_strncmp(pos, "trustedEapServerName ", 21) == 0) {
|
if (os_strncmp(pos, "trustedEapServerName ", 21) == 0) {
|
||||||
os_free(auth->trusted_eap_server_name);
|
os_free(auth->trusted_eap_server_name);
|
||||||
auth->trusted_eap_server_name = os_strdup(value);
|
auth->trusted_eap_server_name = os_strdup(value);
|
||||||
|
@ -3682,25 +3708,9 @@ int wpas_dpp_ca_set(struct wpa_supplicant *wpa_s, const char *cmd)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (os_strncmp(pos, "certBag ", 8) == 0) {
|
if (os_strncmp(pos, "certBag ", 8) == 0) {
|
||||||
struct wpabuf *resp;
|
|
||||||
|
|
||||||
wpabuf_free(auth->certbag);
|
wpabuf_free(auth->certbag);
|
||||||
auth->certbag = buf;
|
auth->certbag = buf;
|
||||||
|
return wpas_dpp_build_conf_resp(wpa_s, auth);
|
||||||
resp = dpp_build_conf_resp(auth, auth->e_nonce,
|
|
||||||
auth->curve->nonce_len,
|
|
||||||
auth->e_netrole, true);
|
|
||||||
if (!resp)
|
|
||||||
return -1;
|
|
||||||
if (gas_server_set_resp(wpa_s->gas_server, auth->cert_resp_ctx,
|
|
||||||
resp) < 0) {
|
|
||||||
wpa_printf(MSG_DEBUG,
|
|
||||||
"DPP: Could not find pending GAS response");
|
|
||||||
wpabuf_free(resp);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
auth->conf_resp = resp;
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
wpabuf_free(buf);
|
wpabuf_free(buf);
|
||||||
|
|
Loading…
Reference in a new issue