Cumulative patch from commit 20ff2642e192437245422c9654463bcebf65b277

20ff264 WPS: Clear WPS data on init failure
f19e370 WPS: Do not advertise WPA/WPA2-Enterprise Auth Type Flags
1b5df9e nl80211: Do not indicate scan started event on scan_for_auth
bb23826 HS 2.0R2: Clean up debug log during exit path
48408fc HS 2.0R2: Do not mandate OCSP response for EST operations
8f60293 HS 2.0R2: Do not use OSU cert validation for EST
40bdcea HS 2.0R2: Configure OSU client trust root more consistently
4d65ded HS 2.0R2: Clean up debug from libcurl

Change-Id: I44aa20ac92abf03ea7b47f1ecad72dc07a0870d9
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/hs20/client/est.c b/hs20/client/est.c
index c1d514a..ec05bc4 100644
--- a/hs20/client/est.c
+++ b/hs20/client/est.c
@@ -1,6 +1,6 @@
 /*
  * Hotspot 2.0 OSU client - EST client
- * Copyright (c) 2012-2013, Qualcomm Atheros, Inc.
+ * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
@@ -108,8 +108,13 @@
 	os_snprintf(buf, buflen, "%s/cacerts", url);
 	wpa_printf(MSG_INFO, "Download EST cacerts from %s", buf);
 	write_summary(ctx, "Download EST cacerts from %s", buf);
+	ctx->no_osu_cert_validation = 1;
+	http_ocsp_set(ctx->http, 1);
 	res = http_download_file(ctx->http, buf, "Cert/est-cacerts.txt",
 				 ctx->ca_fname);
+	http_ocsp_set(ctx->http,
+		      (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
+	ctx->no_osu_cert_validation = 0;
 	if (res < 0) {
 		wpa_printf(MSG_INFO, "Failed to download EST cacerts from %s",
 			   buf);
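Review bot: The restore after `http_download_file()` writes fixed values (`ctx->no_osu_cert_validation = 0` and an OCSP mode recomputed from `ctx->workarounds`) rather than the state that was in effect before the call, and the same five-line bracket is pasted again in the csrattrs and simpleenroll hunks. Because this bracket switches off a TLS server check, a future edit that adds an early return between the two halves, or changes the policy expression in only one of the three copies, would leave later OSU connections running with the relaxed settings. A pair of static helpers that save and restore the flag would keep the relaxed window in one auditable place. The helper names below are suggestions, the flag is assumed to be an `int`, and each caller needs a local `int prev;`. The literals `1` and `2` passed to `http_ocsp_set()` would also read better as named constants. The enclosing function starts and ends outside the hunk.

```c
/* Relax server certificate checks for a single EST request.
 * Returns the previous no_osu_cert_validation value for the restore. */
static int est_relax_checks(struct hs20_osu_client *ctx)
{
	int prev = ctx->no_osu_cert_validation;

	ctx->no_osu_cert_validation = 1;
	http_ocsp_set(ctx->http, 1);
	return prev;
}

/* Re-apply the normal OSU policy once the EST request has finished. */
static void est_restore_checks(struct hs20_osu_client *ctx, int prev)
{
	http_ocsp_set(ctx->http,
		      (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
	ctx->no_osu_cert_validation = prev;
}

	/* … unchanged: URL construction and logging … */
	prev = est_relax_checks(ctx);
	res = http_download_file(ctx->http, buf, "Cert/est-cacerts.txt",
				 ctx->ca_fname);
	est_restore_checks(ctx, prev);
```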
@@ -550,8 +555,13 @@
 	os_snprintf(buf, buflen, "%s/csrattrs", url);
 	wpa_printf(MSG_INFO, "Download csrattrs from %s", buf);
 	write_summary(ctx, "Download EST csrattrs from %s", buf);
+	ctx->no_osu_cert_validation = 1;
+	http_ocsp_set(ctx->http, 1);
 	res = http_download_file(ctx->http, buf, "Cert/est-csrattrs.txt",
 				 ctx->ca_fname);
+	http_ocsp_set(ctx->http,
+		      (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
+	ctx->no_osu_cert_validation = 0;
 	os_free(buf);
 	if (res < 0) {
 		wpa_printf(MSG_INFO, "Failed to download EST csrattrs - assume no extra attributes are needed");
@@ -647,10 +657,15 @@
 		os_snprintf(buf, buflen, "%s/simpleenroll", url);
 	wpa_printf(MSG_INFO, "EST simpleenroll URL: %s", buf);
 	write_summary(ctx, "EST simpleenroll URL: %s", buf);
+	ctx->no_osu_cert_validation = 1;
+	http_ocsp_set(ctx->http, 1);
 	resp = http_post(ctx->http, buf, req, "application/pkcs10",
 			 "Content-Transfer-Encoding: base64",
 			 ctx->ca_fname, user, pw, client_cert, client_key,
 			 &resp_len);
+	http_ocsp_set(ctx->http,
+		      (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
+	ctx->no_osu_cert_validation = 0;
 	os_free(buf);
 	if (resp == NULL) {
 		wpa_printf(MSG_INFO, "EST certificate enrollment failed");
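Review bot: Nothing near the `http_post()` call records why it is acceptable to send `user`, `pw` and the client certificate/key over a session where the OSU certificate checks are switched off and the OCSP response is only optional. From the visible lines the EST server is then authenticated against `ctx->ca_fname` alone, so a revoked server certificate would presumably still be accepted for the enrollment request. I would add a comment above the bracket, for example `/* EST server is validated against ctx->ca_fname only; OSU cert constraints and mandatory OCSP are not applied to EST */`. It is also worth confirming that this trust root is provisioned independently of the `Cert/est-cacerts.txt` file fetched in the first hunk. The function body continues outside the hunk.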