Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

schannel: Reject subject_match, altsubject_match, suffix_match

Validation of these parameters has not been implemented with schannel.
Instead of ignoring them silently, reject the configuration to avoid
giving incorrect impression of the parameters being used if
wpa_supplicant is built with schannel instead of the default OpenSSL.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 10 years ago
parent
59051f8ecf
commit
d16694761a
1 changed files with 15 additions and 0 deletions
Split View Show Diff Stats
  1. 15 0
      src/crypto/tls_schannel.c

+ 15 - 0
src/crypto/tls_schannel.c
View File 

@@ -692,6 +692,21 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 
 	if (conn == NULL)
 
 		return -1;
 
 
+	if (params->subject_match) {
 
+		wpa_printf(MSG_INFO, "TLS: subject_match not supported");
 
+		return -1;
 
+	}
 
+
 
+	if (params->altsubject_match) {
 
+		wpa_printf(MSG_INFO, "TLS: altsubject_match not supported");
 
+		return -1;
 
+	}
 
+
 
+	if (params->suffix_match) {
 
+		wpa_printf(MSG_INFO, "TLS: suffix_match not supported");
 
+		return -1;
 
+	}
 
+
 
 	if (global->my_cert_store == NULL &&
 
 	    (global->my_cert_store = CertOpenSystemStore(0, TEXT("MY"))) ==
 
 	    NULL) {