OpenSSL/BoringSSL: Read certificate chain from client_cert on Android

If the keychain holds additional certificates other than the end
certificate, read them into the certificate chain.

Signed-off-by: Paul Stewart <pstew@google.com>
Paul Stewart 2017-01-25 13:59:16 -08:00 committed by Jouni Malinen
parent 92607e91fb
commit 6d08f23f0a


@ -2371,13 +2371,24 @@ static int tls_connection_client_cert(struct tls_connection *conn,
int ret = -1; int ret = -1;
if (bio) { if (bio) {
x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL); x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
BIO_free(bio);
} }
if (x509) { if (x509) {
if (SSL_use_certificate(conn->ssl, x509) == 1) if (SSL_use_certificate(conn->ssl, x509) == 1)
ret = 0; ret = 0;
X509_free(x509); X509_free(x509);
} }
/* Read additional certificates into the chain. */
while (bio) {
x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
if (x509) {
/* Takes ownership of x509 */
SSL_add0_chain_cert(conn->ssl, x509);
} else {
BIO_free(bio);
bio = NULL;
}
}
return ret; return ret;
} }
#endif /* ANDROID */ #endif /* ANDROID */
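Review bot: The return value of `SSL_add0_chain_cert(conn->ssl, x509)` is discarded in the new `while (bio)` loop, and the "Takes ownership of x509" comment only holds when the call succeeds. On failure the certificate is leaked and the client chain is left silently incomplete, while the function can still return 0 from the earlier `SSL_use_certificate()` success. I would check the result, e.g. `if (SSL_add0_chain_cert(conn->ssl, x509) != 1) { X509_free(x509); ret = -1; }`, or at least free the certificate and log the failure if a partial chain is meant to be tolerated. Separately, the NULL from `PEM_read_bio_X509()` that ends the loop normally leaves a PEM "no start line" entry on the OpenSSL error queue, so calling `ERR_clear_error();` in the `else` branch would keep it from being attributed to a later TLS operation. The body of tls_connection_client_cert() starts outside this hunk, so how `bio` is created and whether the caller inspects the error queue is not visible here.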