|
@@ -46,7 +46,7 @@ void tlsv1_cred_free(struct tlsv1_credentials *cred)
|
|
static int tlsv1_add_cert_der(struct x509_certificate **chain,
|
|
static int tlsv1_add_cert_der(struct x509_certificate **chain,
|
|
const u8 *buf, size_t len)
|
|
const u8 *buf, size_t len)
|
|
{
|
|
{
|
|
- struct x509_certificate *cert;
|
|
|
|
|
|
+ struct x509_certificate *cert, *p;
|
|
char name[128];
|
|
char name[128];
|
|
|
|
|
|
cert = x509_certificate_parse(buf, len);
|
|
cert = x509_certificate_parse(buf, len);
|
|
@@ -56,8 +56,20 @@ static int tlsv1_add_cert_der(struct x509_certificate **chain,
|
|
return -1;
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
|
|
- cert->next = *chain;
|
|
|
|
- *chain = cert;
|
|
|
|
|
|
+ p = *chain;
|
|
|
|
+ while (p && p->next)
|
|
|
|
+ p = p->next;
|
|
|
|
+ if (p && x509_name_compare(&cert->subject, &p->issuer) == 0) {
|
|
|
|
+ /*
|
|
|
|
+ * The new certificate is the issuer of the last certificate in
|
|
|
|
+ * the chain - add the new certificate to the end.
|
|
|
|
+ */
|
|
|
|
+ p->next = cert;
|
|
|
|
+ } else {
|
|
|
|
+ /* Add to the beginning of the chain */
|
|
|
|
+ cert->next = *chain;
|
|
|
|
+ *chain = cert;
|
|
|
|
+ }
|
|
|
|
|
|
x509_name_string(&cert->subject, name, sizeof(name));
|
|
x509_name_string(&cert->subject, name, sizeof(name));
|
|
wpa_printf(MSG_DEBUG, "TLSv1: Added certificate: %s", name);
|
|
wpa_printf(MSG_DEBUG, "TLSv1: Added certificate: %s", name);
|