Commit graph

66 commits

Author SHA1 Message Date
Neelansh Mittal
a926295a55 HS 2.0R2: Fix permissions for SP/<fqdn> directory on Android
As part of OSU, the AAA TrustRoot cert is downloaded into SP/<fqdn>
directory. On Android, wpa_supplicant runs with Wifi uid privileges, and
hence might not have read access to the AAA TrustRoot present in the SP/<fqdn>
directory. Hence, make AID_WIFI as the group owner of SP/<fqdn>
directory and allow the members of AID_WIFI group to read files present
in this directory.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-19 12:11:36 +02:00
Sreenath S
6a6569b8bd HS 2.0R2: Add password to DB in case of machine managed subscription
Add password and machine_managed flag to database in case of machine
managed subscription to fix EAP-TTLS connection failure to production
AP. In case of user managed subscription, the entered password is added
to DB from the PHP script. However in machine managed subscription,
machine generated password is added only in SOAP messages and PPS MO. So
connection to production will fail as the generated password is not
present in the database used by AAA server.

Signed-off-by: Sreenath Sharma <sreenath.mailing.lists@gmail.com>
2015-02-01 22:21:01 +02:00
ASHUTOSH NARAYAN
73f1ee0243 HS20: Fix TrustRoot path for PolicyUpdate node in PPS MO
Incorrect TrustRoot path "PolicyUpdate/TrustRoot" was used. The
TrustRoot path is required to be "Policy/PolicyUpdate/TrustRoot" as
defined in Section 9.1 of Hotspot 2.0 (Release 2) specification. Fix the
path to "Policy/PolicyUpdate/TrustRoot".

Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
2015-01-20 02:25:41 +02:00
ASHUTOSH NARAYAN
54a0ac0ccf HS20: Return result of cmd_sub_rem in hs20-osu-client
Previously, both failure and success cases used the same return value 0.
Indicate failures differently to make hs20-osu-client return value more
useful for subscription remediation cases.

Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
2015-01-20 02:17:13 +02:00
Narayan Kamath
96d1d97af6 Android: Remove hardcoded ICU include paths from hs20-osu-client
ICU exports them using LOCAL_EXPORT_C_INCLUDE_DIRS.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2015-01-10 01:00:29 +02:00
Dmitry Shmidt
a5257a7a27 HS 2.0R2: Keep backward compatibility with old icu
This allows hs20-osu-client to be built with additional Android
versions.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-07-20 10:25:54 +03:00
Jouni Malinen
d1ecca6c15 HS 2.0 R2: Clear hs20-osu-client configuration keys explicitly
Use an explicit memset call to clear any hs20-osu-client configuration
parameter that contains private information like keys or identity. This
brings in an additional layer of protection by reducing the length of
time this type of private data is kept in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
013359147d HS 2.0 SPP server: Fix aaa_trust_root_cert_url example to use DER
The trust roots in the PPS MO point to a DER encoded X.509 certificate.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-11 18:55:42 +03:00
Jouni Malinen
0b2c59e315 OSU server: Add example scripts for Hotspot 2.0 PKI
These can be used to generate certificates for developer testing of the
OSU protocol.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-31 12:25:25 +03:00
Jouni Malinen
0f27c20d8d HS 2.0R2: Add example OSU SPP server implementation
This is meant mainly for testing purposes and as a reference
implementation showing how OSU SPP server could be implemented. This is
not suitable for any real production use in its current form.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-31 12:25:17 +03:00
Jouni Malinen
bb2382619a HS 2.0R2: Clean up debug log during exit path
deinit_ctx() may print debug information, so do not call
wpa_debug_close_file() before deinit_ctx().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-18 00:40:04 +02:00
Jouni Malinen
48408fce2f HS 2.0R2: Do not mandate OCSP response for EST operations
OCSP validation is required only for the OSU operations and since the
EST server may use a different server certificate, it may not
necessarily support OCSP.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-18 00:39:58 +02:00
Jouni Malinen
8f60293d3f HS 2.0R2: Do not use OSU cert validation for EST
There is no requirement for the EST server to use an OSU server
certificate, so do not require friendly name and icon hash matches for
EST cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-18 00:39:49 +02:00
Jouni Malinen
40bdceac88 HS 2.0R2: Configure OSU client trust root more consistently
Some of the code paths could have ended up ignoring CA file name from
command line due to overly complex way of setting ctx->ca_fname.
Configure this more consistently in osu_client.c as soon as the CA file
name has been determined.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-18 00:39:39 +02:00
Jouni Malinen
39b420f7b1 HS 2.0R2: Add parse_cert command for debugging purposes
This hs20-osu-client client command can be used to parse a DER encoded
X.509v3 certificate with the logotype extensions and
id-wfa-hotspot-friendlyName values shown in detail.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 01:09:22 +02:00
Jouni Malinen
c0d701a347 HS 2.0R2: Add OSU client implementation
This adds a reference implementation of Hotspot 2.0 Release 2 OSU
client. While this implements all of the required functionality, it is
likely that significant extensions would be used to integrate this
with user interfaces and operating system configuration components.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 01:09:22 +02:00