wolfSSL: Fix dNSName matching with domain_match and domain_suffix_match
authorJouni Malinen <jouni@codeaurora.org>
Tue, 9 Apr 2019 13:22:13 +0000 (16:22 +0300)
committerJouni Malinen <j@w1.fi>
Tue, 9 Apr 2019 13:24:38 +0000 (16:24 +0300)
Incorrect gen->type value was used to check whether subjectAltName
contained dNSName entries. This resulted in all domain_match and
domain_suffix_match entries failing to find a match and rejecting the
server certificate. Fix this by checking against the correct type
definition for dNSName.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
src/crypto/tls_wolfssl.c

index 41fc946bccae2e95039edaf898637511e9eb30ce..9cf13a9bd6cea890b5339d6fcbc862ea86c8a4a3 100644 (file)
@@ -690,7 +690,7 @@ static int tls_match_suffix(WOLFSSL_X509 *cert, const char *match, int full)
 
        for (j = 0; ext && j < wolfSSL_sk_num(ext); j++) {
                gen = wolfSSL_sk_value(ext, j);
-               if (gen->type != ALT_NAMES_OID)
+               if (gen->type != ASN_DNS_TYPE)
                        continue;
                dns_name++;
                wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate dNSName",
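Review bot: `gen` is dereferenced in `gen->type != ASN_DNS_TYPE` immediately after `wolfSSL_sk_value(ext, j)` with no NULL check. The loop bound makes a NULL return unlikely, but a guard such as `if (!gen || gen->type != ASN_DNS_TYPE)` would keep an unexpected empty stack entry from crashing server certificate validation. The old constant compiled cleanly and silently matched nothing, so a short comment on the comparison would help the next reader, for example `/* GeneralName tag for dNSName, not the subjectAltName extension OID */`. tls_match_suffix starts and ends outside this hunk, so how `dns_name` is used after the loop is not visible here.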