From 3085e1a6715ac2f79c3cf9a12bf7e14f59eadf18 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Mon, 14 Mar 2022 10:42:11 +0200
Subject: [PATCH] hs20-osu-client: dNSName values from OSU server certificate for PPS MO

The previous change to allow EST server to use a different host name ended up overriding the OSU server certificate information and the incorrect server certificate was used when comparing the SP FQDN from the PPS MO if the OSU and EST servers where different. Fix this by keeping the dNSName from the SPP interaction and not storing the values from the EST interaction.

Fixes: 0ce8d55a2e1b ("hs20-osu-client: Allow EST server to use different host name")
Signed-off-by: Jouni Malinen
---
 hs20/client/osu_client.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/hs20/client/osu_client.c b/hs20/client/osu_client.c
index 7ab2a3746..f9600250b 100644
--- a/hs20/client/osu_client.c
+++ b/hs20/client/osu_client.c
@@ -2920,15 +2920,18 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
 else
 host = get_hostname(ctx->server_url);

- for (i = 0; i < ctx->server_dnsname_count; i++)
- os_free(ctx->server_dnsname[i]);
- os_free(ctx->server_dnsname);
- ctx->server_dnsname = os_calloc(cert->num_dnsname, sizeof(char *));
- ctx->server_dnsname_count = 0;
+ if (!ctx->no_osu_cert_validation) {
+ for (i = 0; i < ctx->server_dnsname_count; i++)
+ os_free(ctx->server_dnsname[i]);
+ os_free(ctx->server_dnsname);
+ ctx->server_dnsname = os_calloc(cert->num_dnsname,
+ sizeof(char *));
+ ctx->server_dnsname_count = 0;
+ }

 found = 0;
 for (i = 0; i < cert->num_dnsname; i++) {
- if (ctx->server_dnsname) {
+ if (!ctx->no_osu_cert_validation && ctx->server_dnsname) {
 ctx->server_dnsname[ctx->server_dnsname_count] =
 os_strdup(cert->dnsname[i]);
 if (ctx->server_dnsname[ctx->server_dnsname_count])
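Review bot: The new `if (!ctx->no_osu_cert_validation)` guard in osu_cert_cb() decides whether ctx->server_dnsname is replaced, but nothing in the hunk explains why a flag named for skipping validation also selects which certificate's dNSName values are kept for the later SP FQDN comparison. A comment above the guard would make that trust decision explicit, for example `/* Keep the dNSName values from the OSU (SPP) server certificate; do not replace them from a connection made with no_osu_cert_validation set (e.g., EST). */`. When the flag is set the array keeps whatever an earlier callback stored, so it is worth confirming that every path that sets the flag runs only after the SPP interaction has filled the list; otherwise the comparison would presumably run against stale or empty data. The same condition is repeated in the loop's `if (!ctx->no_osu_cert_validation && ctx->server_dnsname)`, and the function body starts and ends outside this hunk, so the places that set the flag are not visible here.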