
Backport of:
commit 483dd6a5e0069d0646505c26a5194eda15472858
Author: Jouni Malinen <j@w1.fi>
Date:   Wed Jan 14 12:14:31 2015 +0200
    Include peer certificate always in EAP events
    
    This makes it easier for upper layer applications to get information
    regarding the server certificate without having to use a special
    certificate probing connection. This provides both the SHA256 hash of
    the certificate (to be used with ca_cert="hash://server/sha256/<hash>",
    if desired) and the full DER encoded X.509 certificate so that upper
    layer applications can parse and display the certificate easily or
    extract fields from it for purposes like configuring an altsubject_match
    or domain_suffix_match.
    
    The old behavior can be configured by adding cert_in_cb=0 to
    wpa_supplicant configuration file.
    
    Signed-off-by: Jouni Malinen <j@w1.fi>
diff -up wpa_supplicant-2.0/wpa_supplicant/config.c.cert-in-cb wpa_supplicant-2.0/wpa_supplicant/config.c
--- wpa_supplicant-2.0/wpa_supplicant/config.c.cert-in-cb	2015-01-16 08:57:30.532900618 -0500
+++ wpa_supplicant-2.0/wpa_supplicant/config.c	2015-01-16 08:59:57.437986307 -0500
@@ -2644,6 +2644,7 @@ struct wpa_config * wpa_config_alloc_emp
 	config->wmm_ac_params[1] = ac_bk;
 	config->wmm_ac_params[2] = ac_vi;
 	config->wmm_ac_params[3] = ac_vo;
+	config->cert_in_cb = DEFAULT_CERT_IN_CB;
 
 	if (ctrl_interface)
 		config->ctrl_interface = os_strdup(ctrl_interface);
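Review bot: This config.c section only sets the default for the new field; nothing in it teaches the parser to read `cert_in_cb` from the configuration file, even though the commit message says `cert_in_cb=0` can be put there and the config_file.c hunk writes it out. In the upstream commit this is done by adding an `INT(cert_in_cb)` entry to the global_fields table in config.c; if that entry lives in a hunk beyond what is visible here or in another patch of the backport series this is fine, otherwise the option is written but never read back. The same dependency question applies to the wpas_glue.c hunk, which assigns a `cert_in_cb` member of the EAPOL context that no visible hunk declares. wpa_config_alloc_empty starts before this hunk.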
diff -up wpa_supplicant-2.0/wpa_supplicant/config_file.c.cert-in-cb wpa_supplicant-2.0/wpa_supplicant/config_file.c
--- wpa_supplicant-2.0/wpa_supplicant/config_file.c.cert-in-cb	2015-01-16 08:57:30.533900626 -0500
+++ wpa_supplicant-2.0/wpa_supplicant/config_file.c	2015-01-16 09:00:32.265243695 -0500
@@ -972,6 +972,9 @@ static void wpa_config_write_global(FILE
 		fprintf(f, "okc=%d\n", config->okc);
 	if (config->pmf)
 		fprintf(f, "pmf=%d\n", config->pmf);
+
+	if (config->cert_in_cb != DEFAULT_CERT_IN_CB)
+		fprintf(f, "cert_in_cb=%d\n", config->cert_in_cb);
 }
 
 #endif /* CONFIG_NO_CONFIG_WRITE */
diff -up wpa_supplicant-2.0/wpa_supplicant/config.h.cert-in-cb wpa_supplicant-2.0/wpa_supplicant/config.h
--- wpa_supplicant-2.0/wpa_supplicant/config.h.cert-in-cb	2015-01-16 08:57:30.532900618 -0500
+++ wpa_supplicant-2.0/wpa_supplicant/config.h	2015-01-16 08:59:32.442801582 -0500
@@ -24,6 +24,7 @@
 #define DEFAULT_BSS_EXPIRATION_SCAN_COUNT 2
 #define DEFAULT_MAX_NUM_STA 128
 #define DEFAULT_ACCESS_NETWORK_TYPE 15
+#define DEFAULT_CERT_IN_CB 1
 
 #include "config_ssid.h"
 #include "wps/wps.h"
@@ -797,6 +798,14 @@ struct wpa_config {
 	 * this default behavior.
 	 */
 	enum mfp_options pmf;
+
+	/**
+	 * cert_in_cb - Whether to include a peer certificate dump in events
+	 *
+	 * This controls whether peer certificates for authentication server and
+	 * its certificate chain are included in EAP peer certificate events.
+	 */
+	int cert_in_cb;
 };
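Review bot: The doc comment on the new `cert_in_cb` member says what the flag governs but not which values it takes or what the default is, while that information exists elsewhere in the patch (DEFAULT_CERT_IN_CB is 1 in the first config.h hunk, and the wpa_supplicant.conf text says it is enabled by default); the preceding pmf comment appears to spell out its default in the same struct. I would extend the comment with `Values: 1 = include the certificate data in the events (default, DEFAULT_CERT_IN_CB); 0 = omit it, restoring the previous behavior.` so that readers of config.h do not have to consult the sample configuration to learn how to turn the dump off.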
 
 
diff -up wpa_supplicant-2.0/wpa_supplicant/wpas_glue.c.cert-in-cb wpa_supplicant-2.0/wpa_supplicant/wpas_glue.c
--- wpa_supplicant-2.0/wpa_supplicant/wpas_glue.c.cert-in-cb	2013-01-12 10:42:53.000000000 -0500
+++ wpa_supplicant-2.0/wpa_supplicant/wpas_glue.c	2015-01-16 08:57:30.533900626 -0500
@@ -790,6 +790,7 @@ int wpa_supplicant_init_eapol(struct wpa
 	ctx->port_cb = wpa_supplicant_port_cb;
 	ctx->cb = wpa_supplicant_eapol_cb;
 	ctx->cert_cb = wpa_supplicant_cert_cb;
+	ctx->cert_in_cb = wpa_s->conf->cert_in_cb;
 	ctx->status_cb = wpa_supplicant_status_cb;
 	ctx->set_anon_id = wpa_supplicant_set_anon_id;
 	ctx->cb_ctx = wpa_s;
diff -up wpa_supplicant-2.0/wpa_supplicant/wpa_supplicant.conf.cert-in-cb wpa_supplicant-2.0/wpa_supplicant/wpa_supplicant.conf
--- wpa_supplicant-2.0/wpa_supplicant/wpa_supplicant.conf.cert-in-cb	2015-01-16 08:57:30.533900626 -0500
+++ wpa_supplicant-2.0/wpa_supplicant/wpa_supplicant.conf	2015-01-16 08:58:35.707382284 -0500
@@ -110,6 +110,12 @@ eapol_version=1
 # networks are found, a new IBSS or AP mode network is created.
 ap_scan=1
 
+# cert_in_cb - Whether to include a peer certificate dump in events
+# This controls whether peer certificates for authentication server and
+# its certificate chain are included in EAP peer certificate events. This is
+# enabled by default.
+#cert_in_cb=1
+
 # EAP fast re-authentication
 # By default, fast re-authentication is enabled for all EAP methods that
 # support it. This variable can be used to disable fast re-authentication.