authorJouni Malinen <jouni@qca.qualcomm.com>2015-08-18 02:24:06 +0300
committerVidyullatha Kanchanapally <vidyullatha@codeaurora.org>2016-01-11 07:52:51 +0530
commit039f04167ce4b4d3188ad002b4505678ec05cd80 (patch)
tree25d891a2fb58956810af39c778326da6d7d18b77 /src/crypto
parentcdb95a67b1e219426296f44c097aaf5120bc72fe (diff)
OpenSSL: Reject OCSP-required configuration if no OCSP support
This is needed at least with BoringSSL to avoid accepting OCSP-required configuration with a TLS library that does not support OCSP stapling. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Git-commit: 355a5c8ec55434858ee9158298a2e984c2abde5c Git-repo : git://w1.fi/srv/git/hostap.git Change-Id: Ia72ce79f16178de5cca1116ab9bca8fc9c9ef603 CRs-fixed: 960177
Diffstat (limited to 'src/crypto')
-rw-r--r--src/crypto/tls_openssl.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 844ff8e1..56d5120c 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -3590,6 +3590,16 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_resp_cb);
SSL_CTX_set_tlsext_status_arg(ssl_ctx, conn);
}
+#else /* HAVE_OCSP */
+ if (params->flags & TLS_CONN_REQUIRE_OCSP) {
+ wpa_printf(MSG_INFO,
+ "OpenSSL: No OCSP support included - reject configuration");
+ return -1;
+ }
+ if (params->flags & TLS_CONN_REQUEST_OCSP) {
+ wpa_printf(MSG_DEBUG,
+ "OpenSSL: No OCSP support included - allow optional OCSP case to continue");
+ }
#endif /* HAVE_OCSP */
conn->flags = params->flags;
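Review bot: In the new `#else` branch, the `TLS_CONN_REQUEST_OCSP` case continues with no stapled-response checking and reports that only at `MSG_DEBUG`, so a build without OCSP support silently drops the revocation check for any profile that asked for it optionally. Logging it at the same level as the reject path, `wpa_printf(MSG_INFO, "OpenSSL: No OCSP support included - allow optional OCSP case to continue");`, would make the downgrade visible in normal logs. A one-line comment above the `#else`, such as `/* Without OCSP support only the required case fails closed; optional requests proceed unchecked */`, would record that intent. `conn->flags = params->flags;` still stores the request bit afterwards; the rest of tls_connection_set_params lies outside the hunk, so it cannot be confirmed from here whether later code reads that bit as "OCSP active".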