jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
10475 commits 3 branches 0 tags 28 MiB
Commit graph

13 commits

Author SHA1 Message Date
Jouni Malinen
0764dd6849 TLS client: Multi-OCSP check to cover intermediate CAs 
This extends multi-OCSP support to verify status for intermediate CAs in
the server certificate chain.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
 2015-12-24 00:54:30 +02:00
Jouni Malinen
8e3271dcd1 TLS: Store DER encoded version of Subject DN for X.509 certificates 
This is needed for OCSP issuerNameHash matching.

Signed-off-by: Jouni Malinen <j@w1.fi>
 2015-12-17 11:28:38 +02:00
Jouni Malinen
32ce69092e TLS: Share digest OID checkers from X.509 
These will be used by the OCSP implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
 2015-12-17 11:28:38 +02:00
Jouni Malinen
b72a36718f TLS: Support longer X.509 serialNumber values 
This extends the old support from 32 or 64 bit value to full 20 octets
maximum (RFC 5280, 4.1.2.2).

Signed-off-by: Jouni Malinen <j@w1.fi>
 2015-12-17 01:41:45 +02:00
Jouni Malinen
af4eba16ce TLS: Parse and validate BasicOCSPResponse 
This adds the next step in completing TLS client support for OCSP
stapling. The BasicOCSPResponse is parsed, a signing certificate is
found, and the signature is verified. The actual sequence of OCSP
responses (SignleResponse) is not yet processed in this commit.

Signed-off-by: Jouni Malinen <j@w1.fi>
 2015-12-17 00:48:34 +02:00
Jouni Malinen
1adf262144 TLS: Add support for extKeyUsage X.509v3 extension 
If the server/client certificate includes the extKeyUsage extension,
verify that the listed key purposes include either the
anyExtendedKeyUsage wildcard or id-kp-serverAuth/id-kp-clientAuth,
respectively.

Signed-off-by: Jouni Malinen <j@w1.fi>
 2015-11-29 21:53:23 +02:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen 
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
 2012-02-11 19:39:36 +02:00
Jouni Malinen
235279e777 TLS: Add support for tls_disable_time_checks=1 in client mode 
This phase1 parameter for TLS-based EAP methods was already supported
with GnuTLS and this commit extends that support for OpenSSL and the
internal TLS implementation.
 2011-07-05 11:29:42 +03:00
Jouni Malinen
32b752ef8f Internal TLS: Fix X.509 name handling to use sequency of attributes 
There may be more than one attribute of same type (e.g., multiple DC
attributes), so the code needs to be able to handle that. Replace the
fixed structure with an array of attributes.
 2010-05-25 20:55:29 +03:00
Jouni Malinen
969b403fa7 Internal TLS: Add domainComponent parser for X.509 names 2010-05-25 19:43:21 +03:00
Jouni Malinen
1a70777868 Remove unneeded CONFIG_INTERNAL_X509 and NEED_SHA256 defines 2009-12-06 16:19:13 +02:00
Jouni Malinen
efe22727da X.509: Add parsing of alternative name to internal TLS implementation 
The alternative name extensions are now parsed, but the actual values
are not yet used for alt. subject name matching.
 2009-06-11 23:47:35 +03:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00