Extend server certificate TOD policy reporting to include TOD-TOFU

The previously used single TOD policy was split into two policies:
TOD-STRICT and TOD-TOFU. Report these separately in the
CTRL-EVENT-EAP-PEER-CERT events (tod=1 for TOD-STRICT and tod=2 for
TOD-TOFU).

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2019-08-16 15:51:40 +03:00 committed by Jouni Malinen
parent 346d10cf82
commit a647a0ad75
2 changed files with 6 additions and 3 deletions

View File

@ -2186,7 +2186,9 @@ static int openssl_cert_tod(X509 *cert)
continue; continue;
wpa_printf(MSG_DEBUG, "OpenSSL: Certificate Policy %s", buf); wpa_printf(MSG_DEBUG, "OpenSSL: Certificate Policy %s", buf);
if (os_strcmp(buf, "1.3.6.1.4.1.40808.1.3.1") == 0) if (os_strcmp(buf, "1.3.6.1.4.1.40808.1.3.1") == 0)
tod = 1; tod = 1; /* TOD-STRICT */
else if (os_strcmp(buf, "1.3.6.1.4.1.40808.1.3.2") == 0 && !tod)
tod = 2; /* TOD-TOFU */
} }
return tod; return tod;

View File

@ -794,10 +794,11 @@ void wpas_notify_certification(struct wpa_supplicant *wpa_s,
int i; int i;
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_CERT wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_CERT
"depth=%d subject='%s'%s%s%s", "depth=%d subject='%s'%s%s%s%s",
cert->depth, cert->subject, cert_hash ? " hash=" : "", cert->depth, cert->subject, cert_hash ? " hash=" : "",
cert_hash ? cert_hash : "", cert_hash ? cert_hash : "",
cert->tod ? " tod=1" : ""); cert->tod == 2 ? " tod=2" : "",
cert->tod == 1 ? " tod=1" : "");
if (cert->cert) { if (cert->cert) {
char *cert_hex; char *cert_hex;