From dcc0ccd5b0faab259a48c0cb6427b8b825ba4217 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Tue, 9 Apr 2019 16:22:13 +0300
Subject: [PATCH] wolfSSL: Fix dNSName matching with domain_match and domain_suffix_match

Incorrect gen->type value was used to check whether subjectAltName contained dNSName entries. This resulted in all domain_match and domain_suffix_match entries failing to find a match and rejecting the server certificate. Fix this by checking against the correct type definition for dNSName.

Signed-off-by: Jouni Malinen
---
 src/crypto/tls_wolfssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c
index 41fc946bc..9cf13a9bd 100644
--- a/src/crypto/tls_wolfssl.c
+++ b/src/crypto/tls_wolfssl.c
@@ -690,7 +690,7 @@ static int tls_match_suffix(WOLFSSL_X509 *cert, const char *match, int full)
 for (j = 0; ext && j < wolfSSL_sk_num(ext); j++) {
 gen = wolfSSL_sk_value(ext, j);
- if (gen->type != ALT_NAMES_OID)
+ if (gen->type != ASN_DNS_TYPE)
 continue;
 dns_name++;
 wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate dNSName",
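Review bot: `gen` is dereferenced on the new `if (gen->type != ASN_DNS_TYPE)` line without a NULL check, so if wolfSSL_sk_value() ever returns NULL for an entry, this certificate-validation path would crash instead of skipping the entry; `if (!gen || gen->type != ASN_DNS_TYPE)` would skip it. Because the original mistake compared the GeneralName type against what appears to be the extension identifier, a short comment above the check such as `/* gen->type is the GeneralName tag (dNSName), not the extension OID */` would help keep the two from being confused again. The bug failed closed (every server certificate was rejected, per the commit message), but a regression test that uses a certificate with a dNSName SAN for both domain_match and domain_suffix_match would have caught it. The body of tls_match_suffix starts and ends outside the hunk.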