wolfSSL: Fix dNSName matching with domain_match and domain_suffix_match

Incorrect gen->type value was used to check whether subjectAltName
contained dNSName entries. This resulted in all domain_match and
domain_suffix_match entries failing to find a match and rejecting the
server certificate. Fix this by checking against the correct type
definition for dNSName.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Jouni Malinen 2019-04-09 16:22:13 +03:00 committed by Jouni Malinen
parent 83f13e4ff6
commit dcc0ccd5b0

@ -690,7 +690,7 @@ static int tls_match_suffix(WOLFSSL_X509 *cert, const char *match, int full)
for (j = 0; ext && j < wolfSSL_sk_num(ext); j++) { for (j = 0; ext && j < wolfSSL_sk_num(ext); j++) {
gen = wolfSSL_sk_value(ext, j); gen = wolfSSL_sk_value(ext, j);
if (gen->type != ALT_NAMES_OID) if (gen->type != ASN_DNS_TYPE)
continue; continue;
dns_name++; dns_name++;
wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate dNSName", wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate dNSName",
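
Review bot: The comparison `gen->type != ASN_DNS_TYPE` in tls_match_suffix() deserves a one-line comment stating that gen->type holds the type of the individual subjectAltName entry, since the previous constant (ALT_NAMES_OID) also compiled cleanly and, per the commit message, only showed up as every domain_match and domain_suffix_match check rejecting the server certificate. A regression test for the wolfSSL build that uses a certificate with a dNSName entry and a matching domain_suffix_match value would catch a repeat of this. Separately, `gen` is dereferenced directly after `wolfSSL_sk_value(ext, j)`; a `if (!gen) continue;` guard before the type check would make the loop robust if the stack accessor ever returns NULL for an index.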