]> git.ipfire.org Git - thirdparty/hostap.git/blobdiff - hs20/client/est.c
projects / thirdparty / hostap.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
HS 2.0R2: Do not mandate OCSP response for EST operations
[thirdparty/hostap.git] / hs20 / client / est.c
diff --git a/hs20/client/est.c b/hs20/client/est.c
index 5346c0993992574f303a4a44cac92747ce0be62c..ec05bc4e0f62b67186414516b708b57b25539f5d 100644 (file)
--- a/hs20/client/est.c
+++ b/hs20/client/est.c
@@ -109,8 +109,11 @@ int est_load_cacerts(struct hs20_osu_client *ctx, const char *url)
        wpa_printf(MSG_INFO, "Download EST cacerts from %s", buf);
        write_summary(ctx, "Download EST cacerts from %s", buf);
        ctx->no_osu_cert_validation = 1;
+       http_ocsp_set(ctx->http, 1);
        res = http_download_file(ctx->http, buf, "Cert/est-cacerts.txt",
                                 ctx->ca_fname);
+       http_ocsp_set(ctx->http,
+                     (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
        ctx->no_osu_cert_validation = 0;
        if (res < 0) {
                wpa_printf(MSG_INFO, "Failed to download EST cacerts from %s",
@@ -553,8 +556,11 @@ int est_build_csr(struct hs20_osu_client *ctx, const char *url)
        wpa_printf(MSG_INFO, "Download csrattrs from %s", buf);
        write_summary(ctx, "Download EST csrattrs from %s", buf);
        ctx->no_osu_cert_validation = 1;
+       http_ocsp_set(ctx->http, 1);
        res = http_download_file(ctx->http, buf, "Cert/est-csrattrs.txt",
                                 ctx->ca_fname);
+       http_ocsp_set(ctx->http,
+                     (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
        ctx->no_osu_cert_validation = 0;
        os_free(buf);
        if (res < 0) {
@@ -652,10 +658,13 @@ int est_simple_enroll(struct hs20_osu_client *ctx, const char *url,
        wpa_printf(MSG_INFO, "EST simpleenroll URL: %s", buf);
        write_summary(ctx, "EST simpleenroll URL: %s", buf);
        ctx->no_osu_cert_validation = 1;
+       http_ocsp_set(ctx->http, 1);
        resp = http_post(ctx->http, buf, req, "application/pkcs10",
                         "Content-Transfer-Encoding: base64",
                         ctx->ca_fname, user, pw, client_cert, client_key,
                         &resp_len);
+       http_ocsp_set(ctx->http,
+                     (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
        ctx->no_osu_cert_validation = 0;
        os_free(buf);
        if (resp == NULL) {
Unnamed repository; edit this file 'description' to name the repository.