eapol_test: Add option for writing server certificate chain to a file

eapol_test command line argument -o<file> can now be used to request
the received server certificate chain to be written to the specified
file. The certificates will be written in PEM format. [Bug 391]
Jouni Malinen 2011-09-17 22:42:54 +03:00
parent 8a55f56453
commit 1b414f59fc
7 changed files with 60 additions and 9 deletions


@ -72,6 +72,7 @@ struct tls_config {
const char *pkcs11_engine_path;
const char *pkcs11_module_path;
int fips_mode;
int cert_in_cb;
void (*event_cb)(void *ctx, enum tls_event ev,
union tls_event_data *data);
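Review bot: The new `int cert_in_cb;` member of struct tls_config is added without any comment, as is the same field in struct tls_global in the OpenSSL wrapper; the kernel-doc entries added to struct eap_config and struct eapol_ctx say only "Include server certificates in callback", which names neither the callback nor the data. I would document it where it is defined, for example `int cert_in_cb; /* non-zero: include the peer certificate in every peer certificate event, not only during certificate probing */`. It is also worth stating that the certificate is the peer's data as received, so a consumer should not read its presence in the callback as a sign that validation succeeded; whether the event fires before the chain is fully verified is not visible from these hunks. The struct definition continues outside this hunk.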


@ -59,6 +59,7 @@ struct tls_global {
void (*event_cb)(void *ctx, enum tls_event ev,
union tls_event_data *data);
void *cb_ctx;
int cert_in_cb;
};
static struct tls_global *tls_global = NULL;
@ -694,6 +695,7 @@ void * tls_init(const struct tls_config *conf)
if (conf) {
tls_global->event_cb = conf->event_cb;
tls_global->cb_ctx = conf->cb_ctx;
tls_global->cert_in_cb = conf->cert_in_cb;
}
#ifdef CONFIG_FIPS
@ -1144,7 +1146,7 @@ static void openssl_tls_cert_event(struct tls_connection *conn,
return;
os_memset(&ev, 0, sizeof(ev));
if (conn->cert_probe) {
if (conn->cert_probe || tls_global->cert_in_cb) {
cert = get_x509_cert(err_cert);
ev.peer_cert.cert = cert;
}
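Review bot: In openssl_tls_cert_event the result of `get_x509_cert(err_cert)` is stored in `ev.peer_cert.cert` without a check, and with `tls_global->cert_in_cb` this path now runs for ordinary connections rather than only for probes. If that helper can return NULL (its body is not in the hunk), a consumer that writes the chain to a file would receive an event with no certificate and could produce an incomplete chain with no indication; a debug line such as `if (cert == NULL) wpa_printf(MSG_DEBUG, "OpenSSL: No certificate data for peer certificate event");` would make that visible. The flag is also read from the process-wide `tls_global` rather than from `conn`, so it applies to every connection using this library instance; per-connection control, if ever needed, would have to live in struct tls_connection. The function starts and ends outside the hunk.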


@ -1242,6 +1242,7 @@ struct eap_sm * eap_peer_sm_init(void *eapol_ctx,
#endif /* CONFIG_FIPS */
tlsconf.event_cb = eap_peer_sm_tls_event;
tlsconf.cb_ctx = sm;
tlsconf.cert_in_cb = conf->cert_in_cb;
sm->ssl_ctx = tls_init(&tlsconf);
if (sm->ssl_ctx == NULL) {
wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS "


@ -262,6 +262,11 @@ struct eap_config {
* This is only used by EAP-WSC and can be left %NULL if not available.
*/
struct wps_context *wps;
/**
* cert_in_cb - Include server certificates in callback
*/
int cert_in_cb;
};
struct eap_sm * eap_peer_sm_init(void *eapol_ctx,


@ -1883,6 +1883,7 @@ struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx)
conf.pkcs11_engine_path = ctx->pkcs11_engine_path;
conf.pkcs11_module_path = ctx->pkcs11_module_path;
conf.wps = ctx->wps;
conf.cert_in_cb = ctx->cert_in_cb;
sm->eap = eap_peer_sm_init(sm, &eapol_cb, sm->ctx->msg_ctx, &conf);
if (sm->eap == NULL) {


@ -231,6 +231,11 @@ struct eapol_ctx {
*/
void (*cert_cb)(void *ctx, int depth, const char *subject,
const char *cert_hash, const struct wpabuf *cert);
/**
* cert_in_cb - Include server certificates in callback
*/
int cert_in_cb;
};