hs20-osu-client: Validate HTTPS server certificate by default (browser)
This changes "hs20-osu-client browser <URL>" behavior to validate the HTTPS server certificate against the system trust roots. The new command line argument -T can be used to disable this validation. This does not change behavior for SPP/OMA-DM triggered OSU operation, i.e., they continue to not mandate server certificate validation for now to avoid breaking existing test cases. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
61bf9819c1
commit
e33a0eecec
@ -3152,7 +3152,7 @@ static void check_workarounds(struct hs20_osu_client *ctx)
|
||||
|
||||
static void usage(void)
|
||||
{
|
||||
printf("usage: hs20-osu-client [-dddqqKt] [-S<station ifname>] \\\n"
|
||||
printf("usage: hs20-osu-client [-dddqqKtT] [-S<station ifname>] \\\n"
|
||||
" [-w<wpa_supplicant ctrl_iface dir>] "
|
||||
"[-r<result file>] [-f<debug file>] \\\n"
|
||||
" [-s<summary file>] \\\n"
|
||||
@ -3198,7 +3198,7 @@ int main(int argc, char *argv[])
|
||||
return -1;
|
||||
|
||||
for (;;) {
|
||||
c = getopt(argc, argv, "df:hKNo:O:qr:s:S:tw:x:");
|
||||
c = getopt(argc, argv, "df:hKNo:O:qr:s:S:tTw:x:");
|
||||
if (c < 0)
|
||||
break;
|
||||
switch (c) {
|
||||
@ -3236,6 +3236,9 @@ int main(int argc, char *argv[])
|
||||
case 't':
|
||||
wpa_debug_timestamp++;
|
||||
break;
|
||||
case 'T':
|
||||
ctx.ignore_tls = 1;
|
||||
break;
|
||||
case 'w':
|
||||
wpas_ctrl_path = optarg;
|
||||
break;
|
||||
@ -3403,7 +3406,7 @@ int main(int argc, char *argv[])
|
||||
|
||||
wpa_printf(MSG_INFO, "Launch web browser to URL %s",
|
||||
argv[optind + 1]);
|
||||
ret = hs20_web_browser(argv[optind + 1], 1);
|
||||
ret = hs20_web_browser(argv[optind + 1], ctx.ignore_tls);
|
||||
wpa_printf(MSG_INFO, "Web browser result: %d", ret);
|
||||
} else if (strcmp(argv[optind], "parse_cert") == 0) {
|
||||
if (argc - optind < 2) {
|
||||
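Review bot: Nothing in the `case 'T':` branch or at the `hs20_web_browser(argv[optind + 1], ctx.ignore_tls)` call records that certificate validation was turned off, so a debug log from a run with -T looks the same as one from a validated run. Consider logging it just before the call, e.g. `if (ctx.ignore_tls) wpa_printf(MSG_INFO, "HTTPS server certificate validation disabled (-T)");`. The usage() hunk adds `T` only to the synopsis line; if usage() lists per-option descriptions further down (outside the hunk), -T needs an entry there too. In the visible hunks -T is accepted with every command but only the `browser` command reads it. Both usage() and main() continue outside these hunks.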
|
@ -50,6 +50,8 @@ struct hs20_osu_client {
|
||||
const char *osu_ssid; /* Enforced OSU_SSID for testing purposes */
|
||||
#define WORKAROUND_OCSP_OPTIONAL 0x00000001
|
||||
unsigned long int workarounds;
|
||||
int ignore_tls; /* whether to ignore TLS validation issues with HTTPS
|
||||
* server certificate */
|
||||
};
|
||||
|
||||
|
||||
|
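Review bot: The comment on `ignore_tls` reads as a client-wide setting, but as far as this commit shows the field is only read by the `browser` command, and the commit description says the SPP/OMA-DM triggered flows still do not mandate certificate validation regardless of its value. A narrower comment would keep a later reader from assuming that a zero value means every HTTPS connection is validated, for example `int ignore_tls; /* -T: skip HTTPS server certificate validation in the "browser" command; not consulted by SPP/OMA-DM flows */`. The struct definition starts outside the hunk.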