aboutsummaryrefslogtreecommitdiffstats
path: root/src/crypto/tls_openssl.c
diff options
context:
space:
mode:
authorDmitry Shmidt <dimitrysh@google.com>2011-07-07 11:18:38 -0700
committerDmitry Shmidt <dimitrysh@google.com>2011-07-07 11:23:25 -0700
commitc55524ad84d13014e8019491c2b17e5dcf13545a (patch)
tree3c1a0f04ed12cadca7312b1b6f3f0c0caa6018ca /src/crypto/tls_openssl.c
parent13970b010f3e5b274336677311a5586410ecc8fa (diff)
downloadexternal_wpa_supplicant_8-c55524ad84d13014e8019491c2b17e5dcf13545a.zip
external_wpa_supplicant_8-c55524ad84d13014e8019491c2b17e5dcf13545a.tar.gz
external_wpa_supplicant_8-c55524ad84d13014e8019491c2b17e5dcf13545a.tar.bz2
Accumulative patch from commit 8fd0f0f323a922aa88ec720ee524f7105d3b0f64
Fix D-Bus build without CONFIG_P2P=y nl80211: Allow AP mode to be started without monitor interface nl80211: Process association/disassociation events in AP mode DBus/P2P: Adding decl for PersistentGroupRemoved signal DBus/P2P: Rectified type of SecondaryDeviceTypes in device property Get P2P: Only call dev_lost() for devices that have been dev_found() wpa_cli: Add missing parameter for P2P_GROUP_ADD command wpa_supplicant: Respect PKG_CONFIG variable if set in the environment TLS: Add support for tls_disable_time_checks=1 in client mode hostapd: Clear keys configured when hostapd reloads configuration Add dbus signal for information about server certification Move peer certificate wpa_msg() calls to notify.c wpa_supplicant AP: Disable AP mode on disassoc paths wpa_s AP mode: Enable HT20 if driver supports it Allow PMKSA caching to be disabled on Authenticator FT: Disable PMKSA cache for FT-IEEE8021X FT: Clear SME ft_used/ft_ies when disconnecting 8fd0f0f323a922aa88ec720ee524f7105d3b0f64 Change-Id: I6ae333196c36ffa7589662d5269fabfc3b994605 Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Diffstat (limited to 'src/crypto/tls_openssl.c')
-rw-r--r--src/crypto/tls_openssl.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index bf92a11..14ff87e 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1,6 +1,6 @@
/*
* SSL/TLS interface functions for OpenSSL
- * Copyright (c) 2004-2010, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -86,6 +86,8 @@ struct tls_connection {
unsigned int server_cert_only:1;
u8 srv_cert_hash[32];
+
+ unsigned int flags;
};
@@ -1192,6 +1194,13 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
preverify_ok = 1;
if (!preverify_ok && depth > 0 && conn->server_cert_only)
preverify_ok = 1;
+ if (!preverify_ok && (conn->flags & TLS_CONN_DISABLE_TIME_CHECKS) &&
+ (err == X509_V_ERR_CERT_HAS_EXPIRED ||
+ err == X509_V_ERR_CERT_NOT_YET_VALID)) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: Ignore certificate validity "
+ "time mismatch");
+ preverify_ok = 1;
+ }
err_str = X509_verify_cert_error_string(err);
@@ -2730,6 +2739,8 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
return -1;
}
+ conn->flags = params->flags;
+
tls_get_errors(tls_ctx);
return 0;
generated by cgit v1.1 at 2024-06-10 18:58:52 +0000