jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

TLS: Reorder certificates if needed when reading them

Browse source 
The internal TLS implementation assumes that the certificate chain
is ordered by issuer certificate following the certificate that it
signed. Add the certificates to the chain in suitable order when
loading multiple certificates.
This commit is contained in:
Jouni Malinen 2011-08-04 22:39:03 +03:00 committed by Jouni Malinen
parent 628d54639a
commit 6921f1f386
1 changed files with 15 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
src/tls/tlsv1_cred.c
View file

@ -46,7 +46,7 @@ void tlsv1_cred_free(struct tlsv1_credentials *cred)
static int tlsv1_add_cert_der(struct x509_certificate **chain,
const u8 *buf, size_t len)
{
struct x509_certificate *cert;
struct x509_certificate *cert, *p;
char name[128];
cert = x509_certificate_parse(buf, len);
@ -56,8 +56,20 @@ static int tlsv1_add_cert_der(struct x509_certificate **chain,
return -1;
}
cert->next = *chain;
*chain = cert;
p = *chain;
while (p && p->next)
p = p->next;
if (p && x509_name_compare(&cert->subject, &p->issuer) == 0) {
/*
* The new certificate is the issuer of the last certificate in
* the chain - add the new certificate to the end.
*/
p->next = cert;
} else {
/* Add to the beginning of the chain */
cert->next = *chain;
*chain = cert;
}
x509_name_string(&cert->subject, name, sizeof(name));
wpa_printf(MSG_DEBUG, "TLSv1: Added certificate: %s", name);