OpenSSL: Fix OCSP certificate debug print to use wpa_printf
Instead of using X509_print_fp() to print directly to stdout, print the certificate dump to a memory BIO and use wpa_printf() to get this into the debug log. This allows redirection of the debug log to work better and avoids undesired stdout prints when debugging is not enabled. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
9e669cb5ff
commit
4eb3b76b0f
1 changed files with 36 additions and 2 deletions
@ -2968,6 +2968,41 @@ static void ocsp_debug_print_resp(OCSP_RESPONSE *rsp)
|
|||
}
|
||||
|
||||
|
||||
static void debug_print_cert(X509 *cert, const char *title)
|
||||
{
|
||||
#ifndef CONFIG_NO_STDOUT_DEBUG
|
||||
BIO *out;
|
||||
size_t rlen;
|
||||
char *txt;
|
||||
int res;
|
||||
|
||||
if (wpa_debug_level > MSG_DEBUG)
|
||||
return;
|
||||
|
||||
out = BIO_new(BIO_s_mem());
|
||||
if (!out)
|
||||
return;
|
||||
|
||||
X509_print(out, cert);
|
||||
rlen = BIO_ctrl_pending(out);
|
||||
txt = os_malloc(rlen + 1);
|
||||
if (!txt) {
|
||||
BIO_free(out);
|
||||
return;
|
||||
}
|
||||
|
||||
res = BIO_read(out, txt, rlen);
|
||||
if (res > 0) {
|
||||
txt[res] = '\0';
|
||||
wpa_printf(MSG_DEBUG, "OpenSSL: %s\n%s", title, txt);
|
||||
}
|
||||
os_free(txt);
|
||||
|
||||
BIO_free(out);
|
||||
#endif /* CONFIG_NO_STDOUT_DEBUG */
|
||||
}
|
||||
|
||||
|
||||
static int ocsp_resp_cb(SSL *s, void *arg)
|
||||
{
|
||||
struct tls_connection *conn = arg;
|
||||
|
@ -3011,8 +3046,7 @@ static int ocsp_resp_cb(SSL *s, void *arg)
|
|||
|
||||
store = SSL_CTX_get_cert_store(s->ctx);
|
||||
if (conn->peer_issuer) {
|
||||
wpa_printf(MSG_DEBUG, "OpenSSL: Add issuer");
|
||||
X509_print_fp(stdout, conn->peer_issuer);
|
||||
debug_print_cert(conn->peer_issuer, "Add OCSP issuer");
|
||||
|
||||
if (X509_STORE_add_cert(store, conn->peer_issuer) != 1) {
|
||||
tls_show_errors(MSG_INFO, __func__,
|
||||
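Review bot: The return value of X509_print() in debug_print_cert is discarded, so a certificate that cannot be printed silently yields an empty or partial dump and the log shows nothing under the given title. Checking it and logging the failure keeps the debug output informative: `if (X509_print(out, cert) != 1)` followed by a one-line wpa_printf() such as `"OpenSSL: Failed to print certificate for %s"` with title, before the BIO is freed. The size_t rlen is also passed to BIO_read(), whose length parameter is an int; harmless for a certificate dump, but a short comment noting the narrowing would pre-empt -Wconversion questions. A comment above the early `wpa_debug_level` test, such as `/* Skip the BIO allocation and X509_print() work when nothing would be logged */`, would explain why the level is checked here even though wpa_printf() checks it again.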