Add AAA server domain name suffix matching constraint

The new domain_suffix_match (and domain_suffix_match2 for Phase 2
EAP-TLS) can now be used to specify an additional constraint for the
server certificate domain name. If set, one of the dNSName values (or if
no dNSName is present, one of the commonName values) in the certificate
must have a suffix match with the specified value. Suffix match is done
based on full domain name labels, i.e., "example.com" matches
"test.example.com" but not "test-example.com".

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 2013-10-06 18:02:16 -07:00 committed by Jouni Malinen
parent be7963b3c2
commit 01f809c7db
6 changed files with 154 additions and 5 deletions
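
The matching rule from the commit message, written out as an added C example (this is not the code from this commit). `struct cert_names`, `suffix_match_one` and `domain_suffix_ok` are hypothetical names; the certificate names are assumed to be already extracted as C strings, and case-insensitive comparison is an assumption.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h> /* strcasecmp (POSIX) */

/* Hypothetical view of names already extracted from the server certificate. */
struct cert_names {
	const char *const *dns; size_t n_dns; /* subjectAltName dNSName values */
	const char *const *cn;  size_t n_cn;  /* subject commonName values */
};

/* 1 if suffix equals name or ends it at a label boundary (case-insensitive). */
static int suffix_match_one(const char *name, const char *suffix)
{
	size_t nlen = strlen(name), slen = strlen(suffix);

	if (slen == 0 || slen > nlen)
		return 0;
	if (strcasecmp(name + (nlen - slen), suffix) != 0)
		return 0;
	/* Exact match, or the character before the suffix must be a dot. */
	return nlen == slen || name[nlen - slen - 1] == '.';
}

/* 1 if the constraint holds. commonName is used only when the certificate
 * carries no dNSName at all; NULL suffix means the constraint is not set. */
int domain_suffix_ok(const struct cert_names *c, const char *suffix)
{
	const char *const *list = c->n_dns ? c->dns : c->cn;
	size_t n = c->n_dns ? c->n_dns : c->n_cn, i;

	if (suffix == NULL)
		return 1;
	for (i = 0; i < n; i++)
		if (suffix_match_one(list[i], suffix))
			return 1;
	return 0;
}

/* Constructed sample certificates (not from the commit). */
static const char *const san_ok[] = { "test.example.com" };
static const char *const san_bad[] = { "test-example.com" };
static const char *const cn_only[] = { "example.com" };
const struct cert_names cert_sub = { san_ok, 1, NULL, 0 };
const struct cert_names cert_hyphen = { san_bad, 1, cn_only, 1 }; /* CN ignored */
const struct cert_names cert_cn = { NULL, 0, cn_only, 1 };
```

`cert_hyphen` shows why the commonName fallback applies only when no dNSName is present: its commonName would match, but the certificate carries a dNSName, so only that value is considered.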


@ -78,6 +78,7 @@ static void eap_tls_params_from_conf1(struct tls_connection_params *params,
params->dh_file = (char *) config->dh_file;
params->subject_match = (char *) config->subject_match;
params->altsubject_match = (char *) config->altsubject_match;
params->suffix_match = config->domain_suffix_match;
params->engine = config->engine;
params->engine_id = config->engine_id;
params->pin = config->pin;
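
Review bot: The added `params->suffix_match = config->domain_suffix_match;` line omits the `(char *)` cast that the `subject_match` and `altsubject_match` assignments directly above it use. If the new field is declared `const char *` this is the cleaner form, but the mixed style reads as an oversight unless the reason is noted; it is also worth confirming in the TLS wrapper that a NULL `suffix_match` is treated as "no constraint" and that the pointer, which is borrowed from `config` rather than copied, is not used after the configuration is freed.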
@ -99,6 +100,7 @@ static void eap_tls_params_from_conf2(struct tls_connection_params *params,
params->dh_file = (char *) config->dh_file2;
params->subject_match = (char *) config->subject_match2;
params->altsubject_match = (char *) config->altsubject_match2;
params->suffix_match = config->domain_suffix_match2;
params->engine = config->engine2;
params->engine_id = config->engine2_id;
params->pin = config->pin2;
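
Review bot: In `eap_tls_params_from_conf2` the Phase 2 constraint is read only from `config->domain_suffix_match2`, with no fallback to `domain_suffix_match`, so a profile that sets only the Phase 1 value leaves the inner EAP-TLS server certificate without a suffix check. This follows the way `subject_match2` and `altsubject_match2` are handled in the same hunk, but the configuration documentation for the new fields should say explicitly that both must be set when Phase 2 EAP-TLS is in use.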