diff --git a/hs20/client/est.c b/hs20/client/est.c
index c1d514a98..5346c0993 100644
--- a/hs20/client/est.c
+++ b/hs20/client/est.c
@@ -1,6 +1,6 @@
 /*
 * Hotspot 2.0 OSU client - EST client
- * Copyright (c) 2012-2013, Qualcomm Atheros, Inc.
+ * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
@@ -108,8 +108,10 @@ int est_load_cacerts(struct hs20_osu_client *ctx, const char *url)
 os_snprintf(buf, buflen, "%s/cacerts", url);
 wpa_printf(MSG_INFO, "Download EST cacerts from %s", buf);
 write_summary(ctx, "Download EST cacerts from %s", buf);
+ ctx->no_osu_cert_validation = 1;
 res = http_download_file(ctx->http, buf, "Cert/est-cacerts.txt", ctx->ca_fname);
+ ctx->no_osu_cert_validation = 0;
 if (res < 0) {
 wpa_printf(MSG_INFO, "Failed to download EST cacerts from %s", buf);
@@ -550,8 +552,10 @@ int est_build_csr(struct hs20_osu_client *ctx, const char *url)
 os_snprintf(buf, buflen, "%s/csrattrs", url);
 wpa_printf(MSG_INFO, "Download csrattrs from %s", buf);
 write_summary(ctx, "Download EST csrattrs from %s", buf);
+ ctx->no_osu_cert_validation = 1;
 res = http_download_file(ctx->http, buf, "Cert/est-csrattrs.txt", ctx->ca_fname);
+ ctx->no_osu_cert_validation = 0;
 os_free(buf);
 if (res < 0) {
 wpa_printf(MSG_INFO, "Failed to download EST csrattrs - assume no extra attributes are needed");
@@ -647,10 +651,12 @@ int est_simple_enroll(struct hs20_osu_client *ctx, const char *url,
 os_snprintf(buf, buflen, "%s/simpleenroll", url);
 wpa_printf(MSG_INFO, "EST simpleenroll URL: %s", buf);
 write_summary(ctx, "EST simpleenroll URL: %s", buf);
+ ctx->no_osu_cert_validation = 1;
 resp = http_post(ctx->http, buf, req, "application/pkcs10", "Content-Transfer-Encoding: base64", ctx->ca_fname, user, pw, client_cert, client_key, &resp_len);
+ ctx->no_osu_cert_validation = 0;
 os_free(buf);
 if (resp == NULL) {
 wpa_printf(MSG_INFO, "EST certificate enrollment failed");
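Review bot: In est_load_cacerts the OSU-specific certificate checks are switched off by writing to the shared `ctx` and switched back on after the call, so a later edit that adds an early return between the two assignments would leave the checks off for subsequent OSU connections. The same set/clear pair appears in est_build_csr and est_simple_enroll in this file and in download_cert in osu_client.c. Saving and restoring the previous value (`prev = ctx->no_osu_cert_validation;` before the call, `ctx->no_osu_cert_validation = prev;` after it), ideally inside one small helper, would keep the pair together and tolerate nested use. A comment at the first assignment should state what is still verified for the request, presumably the TLS chain against `ctx->ca_fname`, though that needs confirming in the HTTP layer. All three function bodies start and end outside their hunks.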
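Review bot: The simpleenroll POST in est_simple_enroll carries `user`, `pw`, `client_cert` and `client_key`, and it is now sent while the OSU friendly-name and icon checks in osu_cert_cb are skipped, yet nothing at the call site says which server-authentication steps remain in force. I would add a comment before the flag is set, e.g. `/* OSU friendly name/icon checks skipped for this request; server chain is still validated against ctx->ca_fname */`, once that statement has been confirmed against http_post(). The function continues outside the hunk.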
diff --git a/hs20/client/osu_client.c b/hs20/client/osu_client.c
index 6e6de6574..33e641f0c 100644
--- a/hs20/client/osu_client.c
+++ b/hs20/client/osu_client.c
@@ -302,7 +302,9 @@ static int download_cert(struct hs20_osu_client *ctx, xml_node_t *params,
 xml_node_get_text_free(ctx->xml, hash);
 write_summary(ctx, "Download certificate from %s", url);
+ ctx->no_osu_cert_validation = 1;
 res = http_download_file(ctx->http, url, TMP_CERT_DL_FILE, NULL);
+ ctx->no_osu_cert_validation = 0;
 xml_node_get_text_free(ctx->xml, url);
 if (res < 0) return -1;
@@ -2692,7 +2694,8 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
 int found;
 char *host = NULL;
- wpa_printf(MSG_INFO, "osu_cert_cb");
+ wpa_printf(MSG_INFO, "osu_cert_cb(osu_cert_validation=%d)",
+ !ctx->no_osu_cert_validation);
 host = get_hostname(ctx->server_url);
@@ -2736,7 +2739,8 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
 }
 }
- for (j = 0; j < ctx->friendly_name_count; j++) {
+ for (j = 0; !ctx->no_osu_cert_validation &&
+ j < ctx->friendly_name_count; j++) {
 int found = 0;
 for (i = 0; i < cert->num_othername; i++) {
 if (os_strcmp(cert->othername[i].oid,
@@ -2775,7 +2779,7 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
 logo->hash, logo->hash_len);
 }
- for (j = 0; j < ctx->icon_count; j++) {
+ for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
 int found = 0;
 char *name = ctx->icon_filename[j];
 size_t name_len = os_strlen(name);
@@ -2811,7 +2815,7 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
 }
 }
- for (j = 0; j < ctx->icon_count; j++) {
+ for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
 int found = 0;
 for (i = 0; i < cert->num_logo; i++) {
diff --git a/hs20/client/osu_client.h b/hs20/client/osu_client.h
index 092d6e1ae..9a7059edf 100644
--- a/hs20/client/osu_client.h
+++ b/hs20/client/osu_client.h
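Review bot: download_cert passes `NULL` in the argument position where est.c passes `ctx->ca_fname`, and it now also turns off the OSU certificate checks for the same request, so from this hunk the server identity for the download appears not to be pinned by either mechanism. If the intended protection is a digest comparison of the downloaded file against the `hash` value read earlier (not visible here; the function continues past the hunk), that should be stated at the call, e.g. `/* server cert not matched against OSU metadata; integrity relies on the hash check of TMP_CERT_DL_FILE below */`. If no such comparison follows, the file should not be used until one is added.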
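Review bot: In osu_cert_cb the flag test is folded into the loop condition of the friendly-name loop (`for (j = 0; !ctx->no_osu_cert_validation && ...`) and repeated in the two icon loops of the later hunks, which reads as a loop bound rather than as a decision to skip a security check. A local computed once near the top, `const int validate_osu = !ctx->no_osu_cert_validation;`, with each loop wrapped in `if (validate_osu) { ... }`, would make the skipped checks explicit and remove the double negative. A short comment listing which checks in the callback still run when the flag is set would also help; the hostname handling after `get_hostname()` lies outside these hunks, so that cannot be confirmed from here.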
@@ -34,6 +34,7 @@ struct hs20_osu_client {
 const char *summary_file;
 const char *ifname;
 const char *ca_fname;
+ int no_osu_cert_validation; /* for EST operations */
 char *fqdn;
 char *server_url;
 struct osu_lang_text friendly_name[MAX_OSU_VALS];
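Review bot: The field comment `/* for EST operations */` understates the flag's use, since download_cert in osu_client.c sets it around a certificate download that does not look like an EST request from its hunk. The comment also does not say what a non-zero value does. Suggested wording: `/* non-zero: osu_cert_cb skips the OSU friendly name and icon checks; set only around EST and certificate download requests, must be 0 otherwise */`. Because the flag relaxes server validation while set, recording that invariant next to the declaration is worth the extra words.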