OpenSSL: Support PEM encoded chain from client_cert blob

Allow a chain of certificates to be configured through a client_cert
blob.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2020-06-16 17:47:50 +03:00 committed by Jouni Malinen
parent 68ac45d53c
commit 4b834df5e0


@ -3241,8 +3241,31 @@ static int tls_connection_client_cert(struct tls_connection *conn,
"OK"); "OK");
return 0; return 0;
} else if (client_cert_blob) { } else if (client_cert_blob) {
BIO *bio;
X509 *x509;
tls_show_errors(MSG_DEBUG, __func__, tls_show_errors(MSG_DEBUG, __func__,
"SSL_use_certificate_ASN1 failed"); "SSL_use_certificate_ASN1 failed");
bio = BIO_new(BIO_s_mem());
if (!bio)
return -1;
BIO_write(bio, client_cert_blob, client_cert_blob_len);
x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
if (!x509 || SSL_use_certificate(conn->ssl, x509) != 1) {
X509_free(x509);
BIO_free(bio);
return -1;
}
X509_free(x509);
wpa_printf(MSG_DEBUG,
"OpenSSL: Found PEM encoded certificate from blob");
while ((x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL))) {
wpa_printf(MSG_DEBUG,
"OpenSSL: Added an additional certificate into the chain");
SSL_add0_chain_cert(conn->ssl, x509);
}
BIO_free(bio);
return 0;
} }
if (client_cert == NULL) if (client_cert == NULL)
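Review bot: The return value of SSL_add0_chain_cert() in the while loop is not checked; the add0 variant only takes ownership of x509 when it succeeds, so on failure the certificate leaks and the function still returns 0 with a chain that is missing an entry. The loop also stops on the first NULL from PEM_read_bio_X509(), which is either end of input or a malformed trailing block, and in both cases the PEM error stays on the OpenSSL error queue where the next tls_show_errors() call will report it as if it belonged to a later operation; at minimum an ERR_clear_error() after the loop would keep the queue clean, or the PEM_R_NO_START_LINE reason could be checked to tell EOF from a parse error. BIO_write() takes an int length, so if client_cert_blob_len is a size_t (it appears to be, but its declaration is outside the hunk) a blob larger than INT_MAX would be silently truncated; a range check before the write avoids that. tls_connection_client_cert() starts and ends outside this hunk.
```c
	while ((x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL))) {
		/* add0 transfers ownership only on success; free on failure */
		if (SSL_add0_chain_cert(conn->ssl, x509) != 1) {
			X509_free(x509);
			BIO_free(bio);
			return -1;
		}
		wpa_printf(MSG_DEBUG,
			   "OpenSSL: Added an additional certificate into the chain");
	}
	/* end of input leaves a PEM_R_NO_START_LINE error queued; drop it */
	ERR_clear_error();
	BIO_free(bio);
	return 0;
```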