Notify the framework when TLS certificate
verification fails.

Notification can be sent using the existing
OpenSSL failure callback. See ag/17108489
for more information about the existing
callbacks.

Bug: 296398808
Test: Manual Test
       1. Follow the Test Setup Instructions
          doc to connect to WPA-Enterprise
	  using EAP-TTLS.
       2. Set all fields correctly, but select
          "Use system certificates" for the
	  CA Certificate field.
       3. Check that the expected OpenSSL
          failure event is generated.
Change-Id: I6c67240887ad5198c021689fe68f6ad1cd3d114d
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 8338c47..ff7dc1e 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -2207,6 +2207,14 @@
 	return -1;
 }
 
+void tls_openssl_failure_callback(void* ctx, const char* msg) {
+	if (ctx == NULL || msg == NULL) return;
+	struct eap_sm *sm = (struct eap_sm*) ctx;
+	if (sm->eapol_cb && sm->eapol_cb->notify_open_ssl_failure) {
+		sm->eapol_cb->notify_open_ssl_failure(sm->eapol_ctx, msg);
+	}
+}
+
 /**
  * eap_peer_sm_init - Allocate and initialize EAP peer state machine
  * @eapol_ctx: Context data to be used with eapol_cb calls
@@ -2251,6 +2259,7 @@
 	tlsconf.cb_ctx = sm;
 	tlsconf.cert_in_cb = conf->cert_in_cb;
 	tls_register_cert_callback(&tls_certificate_callback);
+	tls_register_openssl_failure_callback(&tls_openssl_failure_callback);
 	sm->ssl_ctx = tls_init(&tlsconf);
 	if (sm->ssl_ctx == NULL) {
 		wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS "