Extend server certificate TOD policy reporting to include TOD-TOFU

The previously used single TOD policy was split into two policies:
TOD-STRICT and TOD-TOFU. Report these separately in the
CTRL-EVENT-EAP-PEER-CERT events (tod=1 for TOD-STRICT and tod=2 for
TOD-TOFU).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Jouni Malinen 2019-08-16 15:51:40 +03:00 committed by Jouni Malinen
parent 346d10cf82
commit a647a0ad75
2 changed files with 6 additions and 3 deletions

@ -2186,7 +2186,9 @@ static int openssl_cert_tod(X509 *cert)
continue;
wpa_printf(MSG_DEBUG, "OpenSSL: Certificate Policy %s", buf);
if (os_strcmp(buf, "1.3.6.1.4.1.40808.1.3.1") == 0)
tod = 1;
tod = 1; /* TOD-STRICT */
else if (os_strcmp(buf, "1.3.6.1.4.1.40808.1.3.2") == 0 && !tod)
tod = 2; /* TOD-TOFU */
}
return tod;
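
Review bot: The return value of openssl_cert_tod() is now tri-state (0, 1, 2), but at the `tod = 1;` and `tod = 2;` assignments its meaning is documented only by the two inline comments. Suggest named constants or an enum for the two values and for the policy OID strings "1.3.6.1.4.1.40808.1.3.1" and "1.3.6.1.4.1.40808.1.3.2", plus a function comment stating that TOD-STRICT takes precedence when a certificate carries both policies. The `&& !tod` guard together with the unconditional `tod = 1` gives that precedence in either policy order, which is worth saying explicitly so a later edit does not drop the guard. Any caller that tests the result as a boolean should also be checked, since a nonzero test would now treat a TOD-TOFU certificate the same as a TOD-STRICT one.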