hs20-osu-client: dNSName values from OSU server certificate for PPS MO
The previous change to allow EST server to use a different host name
ended up overriding the OSU server certificate information and the
incorrect server certificate was used when comparing the SP FQDN from
the PPS MO if the OSU and EST servers were different. Fix this by
keeping the dNSName from the SPP interaction and not storing the values
from the EST interaction.
Fixes: 0ce8d55a2e
("hs20-osu-client: Allow EST server to use different host name")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
parent
ce86f2446f
commit
3085e1a671
1 changed files with 9 additions and 6 deletions
|
@ -2920,15 +2920,18 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
|
|||
else
|
||||
host = get_hostname(ctx->server_url);
|
||||
|
||||
if (!ctx->no_osu_cert_validation) {
|
||||
for (i = 0; i < ctx->server_dnsname_count; i++)
|
||||
os_free(ctx->server_dnsname[i]);
|
||||
os_free(ctx->server_dnsname);
|
||||
ctx->server_dnsname = os_calloc(cert->num_dnsname, sizeof(char *));
|
||||
ctx->server_dnsname = os_calloc(cert->num_dnsname,
|
||||
sizeof(char *));
|
||||
ctx->server_dnsname_count = 0;
|
||||
}
|
||||
|
||||
found = 0;
|
||||
for (i = 0; i < cert->num_dnsname; i++) {
|
||||
if (ctx->server_dnsname) {
|
||||
if (!ctx->no_osu_cert_validation && ctx->server_dnsname) {
|
||||
ctx->server_dnsname[ctx->server_dnsname_count] =
|
||||
os_strdup(cert->dnsname[i]);
|
||||
if (ctx->server_dnsname[ctx->server_dnsname_count])
|
||||
|
|
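Review bot: The new `if (!ctx->no_osu_cert_validation)` guard makes that flag also decide whether the stored dNSName list is replaced, and nothing in the hunk documents this second role. The commit message says this list is what the SP FQDN from the PPS MO is checked against, so a comment above the guard should record that the list is deliberately left untouched while the flag is set, for example `/* Keep the dNSName values from the SPP (OSU server) certificate; do not replace them with values from the EST server certificate. */`. The same reasoning covers the `!ctx->no_osu_cert_validation && ctx->server_dnsname` test inside the loop. The flag is presumably set only for the EST interaction, but the places that set and clear it are outside this hunk; it is worth confirming it is cleared before any later SPP exchange, since otherwise dNSName values from an earlier server certificate would stay in use for the FQDN comparison. osu_cert_cb() begins before and continues after the hunk.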