OpenSSL: Add 'check_cert_subject' support for TLS server

This patch added 'check_cert_subject' support to match the value of
every field against the DN of the subject in the client certificate. If
the values do not match, the certificate verification will fail and will
reject the user.

This option allows hostapd to match every individual field in the right
order, also allow '*' character as a wildcard (e.g OU=Development*).

Note: hostapd will match string up to 'wildcard' against the DN of the
subject in the client certificate for every individual field.

Signed-off-by: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com>
Signed-off-by: Jared Bents <jared.bents@rockwellcollins.com>
Signed-off-by: Jouni Malinen <j@w1.fi>

src/eap_peer/eap_tls_common.c

@@ -116,6 +116,7 @@ static void eap_tls_params_from_conf1(struct tls_connection_params *params,
 	params->dh_file = config->dh_file;
 	params->subject_match = config->subject_match;
 	params->altsubject_match = config->altsubject_match;
+	params->check_cert_subject = config->check_cert_subject;
 	params->suffix_match = config->domain_suffix_match;
 	params->domain_match = config->domain_match;
 	params->engine = config->engine;
@@ -139,6 +140,7 @@ static void eap_tls_params_from_conf2(struct tls_connection_params *params,
 	params->dh_file = config->dh_file2;
 	params->subject_match = config->subject_match2;
 	params->altsubject_match = config->altsubject_match2;
+	params->check_cert_subject = config->check_cert_subject2;
 	params->suffix_match = config->domain_suffix_match2;
 	params->domain_match = config->domain_match2;
 	params->engine = config->engine2;