wolfSSL: Support both DER and PEM blobs

Add support for loading private keys and certificates in both PEM and
DER formats with wolfSSL.

Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
Juliusz Sosinowicz 2022-04-29 16:18:38 +02:00 committed by Jouni Malinen
parent 924fa4c5d9
commit ec1cd91e72


@ -452,8 +452,14 @@ static int tls_connection_client_cert(struct tls_connection *conn,
SSL_FILETYPE_ASN1) != SSL_SUCCESS) { SSL_FILETYPE_ASN1) != SSL_SUCCESS) {
wpa_printf(MSG_INFO, wpa_printf(MSG_INFO,
"SSL: use client cert DER blob failed"); "SSL: use client cert DER blob failed");
if (wolfSSL_use_certificate_chain_buffer_format(
conn->ssl, client_cert_blob, blob_len,
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
wpa_printf(MSG_INFO,
"SSL: use client cert PEM blob failed");
return -1; return -1;
} }
}
wpa_printf(MSG_DEBUG, "SSL: use client cert blob OK"); wpa_printf(MSG_DEBUG, "SSL: use client cert blob OK");
return 0; return 0;
} }
@ -514,23 +520,35 @@ static int tls_connection_private_key(void *tls_ctx,
if (private_key_blob) { if (private_key_blob) {
if (wolfSSL_use_PrivateKey_buffer(conn->ssl, if (wolfSSL_use_PrivateKey_buffer(conn->ssl,
private_key_blob, blob_len, private_key_blob, blob_len,
SSL_FILETYPE_ASN1) <= 0) { SSL_FILETYPE_ASN1) !=
SSL_SUCCESS) {
wpa_printf(MSG_INFO, wpa_printf(MSG_INFO,
"SSL: use private DER blob failed"); "SSL: use private DER blob failed");
if (wolfSSL_use_PrivateKey_buffer(
conn->ssl,
private_key_blob, blob_len,
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
wpa_printf(MSG_INFO,
"SSL: use private PEM blob failed");
} else { } else {
wpa_printf(MSG_DEBUG, "SSL: use private key blob OK");
ok = 1; ok = 1;
} }
} else {
ok = 1;
}
if (ok)
wpa_printf(MSG_DEBUG, "SSL: use private key blob OK");
} }
if (!ok && private_key) { if (!ok && private_key) {
if (wolfSSL_use_PrivateKey_file(conn->ssl, private_key, if (wolfSSL_use_PrivateKey_file(conn->ssl, private_key,
SSL_FILETYPE_PEM) <= 0) { SSL_FILETYPE_PEM) !=
SSL_SUCCESS) {
wpa_printf(MSG_INFO, wpa_printf(MSG_INFO,
"SSL: use private key PEM file failed"); "SSL: use private key PEM file failed");
if (wolfSSL_use_PrivateKey_file(conn->ssl, private_key, if (wolfSSL_use_PrivateKey_file(conn->ssl, private_key,
SSL_FILETYPE_ASN1) <= 0) SSL_FILETYPE_ASN1) !=
{ SSL_SUCCESS) {
wpa_printf(MSG_INFO, wpa_printf(MSG_INFO,
"SSL: use private key DER file failed"); "SSL: use private key DER file failed");
} else { } else {
@ -1178,9 +1196,15 @@ static int tls_connection_ca_cert(void *tls_ctx, struct tls_connection *conn,
if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_blob, blob_len, if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_blob, blob_len,
SSL_FILETYPE_ASN1) != SSL_FILETYPE_ASN1) !=
SSL_SUCCESS) { SSL_SUCCESS) {
wpa_printf(MSG_INFO, "SSL: failed to load CA blob"); wpa_printf(MSG_INFO, "SSL: failed to load DER CA blob");
if (wolfSSL_CTX_load_verify_buffer(
ctx, ca_cert_blob, blob_len,
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
wpa_printf(MSG_INFO,
"SSL: failed to load PEM CA blob");
return -1; return -1;
} }
}
wpa_printf(MSG_DEBUG, "SSL: use CA cert blob OK"); wpa_printf(MSG_DEBUG, "SSL: use CA cert blob OK");
return 0; return 0;
} }
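Review bot: The MSG_INFO "... DER blob failed" messages added in all three hunks now fire on every PEM-formatted blob, because the DER attempt runs first and its failure is logged before the PEM fallback is tried; a correctly configured PEM client cert, private key or CA blob will therefore always leave an INFO-level "failed" line in the log, which is misleading for anyone monitoring TLS setup problems. The same pattern appears in tls_connection_client_cert, tls_connection_private_key and tls_connection_ca_cert. I would demote the first-attempt message to MSG_DEBUG, e.g. `wpa_printf(MSG_DEBUG, "SSL: use client cert DER blob failed, trying PEM");`, and keep MSG_INFO only for the message emitted once both formats have been rejected. tls_connection_client_cert and tls_connection_ca_cert start outside their hunks, and the body of tls_connection_private_key continues past the end of the second hunk.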