jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

OpenSSL: Fix ca_cert_verify for TPM

Browse source 
This bit is set in the code path that handles keys and certs from places
other than OpenSSL authentication engines. Setting this bit causes
authentication to fail when the server provides certificates that don't
match the client certificate authority.
This commit is contained in:
Christopher Wiley 2012-08-05 00:36:08 +03:00 committed by Jouni Malinen
parent a5195e56e8
commit d8858cadeb
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/crypto/tls_openssl.c
View file

@ -1922,6 +1922,8 @@ static int tls_connection_engine_ca_cert(void *_ssl_ctx,
wpa_printf(MSG_DEBUG, "OpenSSL: %s - added CA certificate from engine "
"to certificate store", __func__);
SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb);
conn->ca_cert_verify = 1;
return 0;
#else /* OPENSSL_NO_ENGINE */