TLS: Reject subject_match, altsubject_match, suffix_match
Validation of these parameters has not been implemented in the internal TLS implementation. Instead of ignoring them silently, reject the configuration to avoid giving incorrect impression of the parameters being used if wpa_supplicant is built with the internal TLS implementation instead of the default OpenSSL. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
f8717ac8b3
commit
59051f8ecf
1 changed files with 15 additions and 0 deletions
|
@ -190,6 +190,21 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
|
|||
if (cred == NULL)
|
||||
return -1;
|
||||
|
||||
if (params->subject_match) {
|
||||
wpa_printf(MSG_INFO, "TLS: subject_match not supported");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (params->altsubject_match) {
|
||||
wpa_printf(MSG_INFO, "TLS: altsubject_match not supported");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (params->suffix_match) {
|
||||
wpa_printf(MSG_INFO, "TLS: suffix_match not supported");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (tlsv1_set_ca_cert(cred, params->ca_cert,
|
||||
params->ca_cert_blob, params->ca_cert_blob_len,
|
||||
params->ca_path)) {
|
||||
|
|
Loading…
Reference in a new issue