hs20-osu-client: dNSName values from OSU server certificate for PPS MO

The previous change to allow EST server to use a different host name
ended up overriding the OSU server certificate information and the
incorrect server certificate was used when comparing the SP FQDN from
the PPS MO if the OSU and EST servers were different. Fix this by
keeping the dNSName from the SPP interaction and not storing the values
from the EST interaction.

Fixes: 0ce8d55a2e ("hs20-osu-client: Allow EST server to use different host name")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Jouni Malinen 2022-03-14 10:42:11 +02:00 committed by Jouni Malinen
parent ce86f2446f
commit 3085e1a671

@ -2920,15 +2920,18 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
else else
host = get_hostname(ctx->server_url); host = get_hostname(ctx->server_url);
for (i = 0; i < ctx->server_dnsname_count; i++) if (!ctx->no_osu_cert_validation) {
os_free(ctx->server_dnsname[i]); for (i = 0; i < ctx->server_dnsname_count; i++)
os_free(ctx->server_dnsname); os_free(ctx->server_dnsname[i]);
ctx->server_dnsname = os_calloc(cert->num_dnsname, sizeof(char *)); os_free(ctx->server_dnsname);
ctx->server_dnsname_count = 0; ctx->server_dnsname = os_calloc(cert->num_dnsname,
sizeof(char *));
ctx->server_dnsname_count = 0;
}
found = 0; found = 0;
for (i = 0; i < cert->num_dnsname; i++) { for (i = 0; i < cert->num_dnsname; i++) {
if (ctx->server_dnsname) { if (!ctx->no_osu_cert_validation && ctx->server_dnsname) {
ctx->server_dnsname[ctx->server_dnsname_count] = ctx->server_dnsname[ctx->server_dnsname_count] =
os_strdup(cert->dnsname[i]); os_strdup(cert->dnsname[i]);
if (ctx->server_dnsname[ctx->server_dnsname_count]) if (ctx->server_dnsname[ctx->server_dnsname_count])
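Review bot: The new `!ctx->no_osu_cert_validation` guard in osu_cert_cb() is missing a comment explaining why a flag named for skipping validation also decides whether ctx->server_dnsname is replaced. The hunk does not show where the flag is set, so a reader cannot tell from here that it identifies the EST interaction. Please add a short comment at the first check saying that the stored dNSName values must remain those from the SPP interaction because they are later compared against the SP FQDN from the PPS MO. The same condition is also tested twice, once around the free/os_calloc block and again inside the `for (i = 0; i < cert->num_dnsname; i++)` loop. Evaluating it once into a local variable (for example a hypothetical `store_dnsname`) would keep the two sites from drifting apart if the condition is changed later.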