Notify the framework when TLS certificate
verification fails.
Notification can be sent using the existing
OpenSSL failure callback. See ag/17108489
for more information about the existing
callbacks.
Bug: 296398808
Test: Manual Test
1. Follow the Test Setup Instructions
doc to connect to WPA-Enterprise
using EAP-TTLS.
2. Set all fields correctly, but select
"Use system certificates" for the
CA Certificate field.
3. Check that the expected OpenSSL
failure event is generated.
Change-Id: I6c67240887ad5198c021689fe68f6ad1cd3d114d
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 8338c47..ff7dc1e 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -2207,6 +2207,14 @@
return -1;
}
+void tls_openssl_failure_callback(void* ctx, const char* msg) {
+ if (ctx == NULL || msg == NULL) return;
+ struct eap_sm *sm = (struct eap_sm*) ctx;
+ if (sm->eapol_cb && sm->eapol_cb->notify_open_ssl_failure) {
+ sm->eapol_cb->notify_open_ssl_failure(sm->eapol_ctx, msg);
+ }
+}
+
/**
* eap_peer_sm_init - Allocate and initialize EAP peer state machine
* @eapol_ctx: Context data to be used with eapol_cb calls
@@ -2251,6 +2259,7 @@
tlsconf.cb_ctx = sm;
tlsconf.cert_in_cb = conf->cert_in_cb;
tls_register_cert_callback(&tls_certificate_callback);
+ tls_register_openssl_failure_callback(&tls_openssl_failure_callback);
sm->ssl_ctx = tls_init(&tlsconf);
if (sm->ssl_ctx == NULL) {
wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS "