Extend server certificate TOD policy reporting to include TOD-TOFU
The previously used single TOD policy was split into two policies: TOD-STRICT and TOD-TOFU. Report these separately in the CTRL-EVENT-EAP-PEER-CERT events (tod=1 for TOD-STRICT and tod=2 for TOD-TOFU). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
346d10cf82
commit
a647a0ad75
2 changed files with 6 additions and 3 deletions
|
|
@ -2186,7 +2186,9 @@ static int openssl_cert_tod(X509 *cert)
|
|||
continue;
|
||||
wpa_printf(MSG_DEBUG, "OpenSSL: Certificate Policy %s", buf);
|
||||
if (os_strcmp(buf, "1.3.6.1.4.1.40808.1.3.1") == 0)
|
||||
tod = 1;
|
||||
tod = 1; /* TOD-STRICT */
|
||||
else if (os_strcmp(buf, "1.3.6.1.4.1.40808.1.3.2") == 0 && !tod)
|
||||
tod = 2; /* TOD-TOFU */
|
||||
}
|
||||
|
||||
return tod;
|
||||
|
|
|
|||
|
|
@ -794,10 +794,11 @@ void wpas_notify_certification(struct wpa_supplicant *wpa_s,
|
|||
int i;
|
||||
|
||||
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_CERT
|
||||
"depth=%d subject='%s'%s%s%s",
|
||||
"depth=%d subject='%s'%s%s%s%s",
|
||||
cert->depth, cert->subject, cert_hash ? " hash=" : "",
|
||||
cert_hash ? cert_hash : "",
|
||||
cert->tod ? " tod=1" : "");
|
||||
cert->tod == 2 ? " tod=2" : "",
|
||||
cert->tod == 1 ? " tod=1" : "");
|
||||
|
||||
if (cert->cert) {
|
||||
char *cert_hex;
|
||||
|
|
|
|||
Loading…
Reference in a new issue