NIAP: Log certificate validation failure for audit.
Bug: 70886042
Test: attempt connecting to EAP-TLS wifi with self-signed cert.
Change-Id: Ic61de6bcd6b0494e5ecc0f1ff97af7c36f56d8f8
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 988c9d2..7243d9f 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -116,6 +116,20 @@
#include <openssl/pem.h>
#include <keystore/keystore_get.h>
+#include <log/log.h>
+#include <log/log_event_list.h>
+
+#define CERT_VALIDATION_FAILURE 210033
+
+static void log_cert_validation_failure(const char *reason)
+{
+ android_log_context ctx = create_android_logger(CERT_VALIDATION_FAILURE);
+ android_log_write_string8(ctx, reason);
+ android_log_write_list(ctx, LOG_ID_SECURITY);
+ android_log_destroy(&ctx);
+}
+
+
static BIO * BIO_from_keystore(const char *key)
{
BIO *bio = NULL;
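Review bot: In log_cert_validation_failure() the results of create_android_logger() and android_log_write_list() are discarded, so a failed write to the security buffer (NULL context, allocation failure, or the caller lacking permission to write LOG_ID_SECURITY) silently drops the audit event, which is the opposite of what an audit record is for. Check both and report the failure through the file's usual wpa_printf() path so a missing record is at least visible in the normal log. A one-line comment on the tag would also help a reader, e.g. `/* EventLog tag for the NIAP certificate-validation-failure audit record; see <TAG REGISTRY> */` with the registry location filled in. The call site is in the second hunk of this commit, whose enclosing function starts and ends outside the hunk, and whether `reason` can be NULL there is not visible here, so the guard below is defensive.
```c
static void log_cert_validation_failure(const char *reason)
{
	android_log_context ctx = create_android_logger(CERT_VALIDATION_FAILURE);
	if (!ctx) {
		wpa_printf(MSG_ERROR, "Could not create security log context");
		return;
	}
	android_log_write_string8(ctx, reason ? reason : "");
	if (android_log_write_list(ctx, LOG_ID_SECURITY) < 0)
		wpa_printf(MSG_ERROR, "Failed to write certificate validation failure to security log");
	android_log_destroy(&ctx);
}
```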
@@ -1787,6 +1801,10 @@
struct wpabuf *cert = NULL;
struct tls_context *context = conn->context;
+#ifdef ANDROID
+ log_cert_validation_failure(err_str);
+#endif
+
if (context->event_cb == NULL)
return;