OpenSSL: Fix PKCS#12 extra certificate handling
Previously, the possible extra certificate(s) from a PKCS#12 file were added once for each authentication attempt. This resulted in OpenSSL concatenating the certificates multiple times (adding one copy for each try during the wpa_supplicant process lifetime). Fix this by clearing the extra chain certificates before adding new ones when using OpenSSL 1.0.1 or newer, which includes the needed function. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
6da3b745f1
commit
0d2c0e6776
@ -2112,6 +2112,9 @@ static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
|
||||
}
|
||||
|
||||
if (certs) {
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
|
||||
SSL_CTX_clear_extra_chain_certs(ssl_ctx);
|
||||
#endif /* OPENSSL_VERSION_NUMBER >= 0x10001000L */
|
||||
while ((cert = sk_X509_pop(certs)) != NULL) {
|
||||
X509_NAME_oneline(X509_get_subject_name(cert), buf,
|
||||
sizeof(buf));
|
||||
|
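Review bot: The clear sits inside `if (certs)`, so a PKCS#12 file that yields no extra certificates would leave the chain from an earlier parse in `ssl_ctx`, and that stale chain would presumably still be presented with the new client certificate. Whether `certs` can be NULL at this point depends on the PKCS12_parse() call above the hunk, which is not visible here; if it can, move the version-guarded `SSL_CTX_clear_extra_chain_certs(ssl_ctx);` ahead of `if (certs) {` so every parse starts from an empty chain. On builds below 0x10001000L the accumulation remains without any trace, so an `#else` branch carrying a comment such as `/* OpenSSL < 1.0.1: extra chain certs cannot be cleared and accumulate per attempt */` would document the residual behaviour. The `if (certs)` block and the while loop both continue past the end of the hunk.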