hs20-osu-client: dNSName values from OSU server certificate for PPS MO
authorJouni Malinen <quic_jouni@quicinc.com>
Mon, 14 Mar 2022 08:42:11 +0000 (10:42 +0200)
committerJouni Malinen <j@w1.fi>
Mon, 14 Mar 2022 08:42:11 +0000 (10:42 +0200)
The previous change to allow EST server to use a different host name
ended up overriding the OSU server certificate information and the
incorrect server certificate was used when comparing the SP FQDN from
the PPS MO if the OSU and EST servers were different. Fix this by
keeping the dNSName from the SPP interaction and not storing the values
from the EST interaction.

Fixes: 0ce8d55a2e1b ("hs20-osu-client: Allow EST server to use different host name")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
hs20/client/osu_client.c

index 7ab2a37463fbb00d9154fcfb3184bc99c2cd9e59..f9600250bb80f5730fadb4fbd0a696a673c7d074 100644 (file)
@@ -2920,15 +2920,18 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
        else
                host = get_hostname(ctx->server_url);
 
-       for (i = 0; i < ctx->server_dnsname_count; i++)
-               os_free(ctx->server_dnsname[i]);
-       os_free(ctx->server_dnsname);
-       ctx->server_dnsname = os_calloc(cert->num_dnsname, sizeof(char *));
-       ctx->server_dnsname_count = 0;
+       if (!ctx->no_osu_cert_validation) {
+               for (i = 0; i < ctx->server_dnsname_count; i++)
+                       os_free(ctx->server_dnsname[i]);
+               os_free(ctx->server_dnsname);
+               ctx->server_dnsname = os_calloc(cert->num_dnsname,
+                                               sizeof(char *));
+               ctx->server_dnsname_count = 0;
+       }
 
        found = 0;
        for (i = 0; i < cert->num_dnsname; i++) {
-               if (ctx->server_dnsname) {
+               if (!ctx->no_osu_cert_validation && ctx->server_dnsname) {
                        ctx->server_dnsname[ctx->server_dnsname_count] =
                                os_strdup(cert->dnsname[i]);
                        if (ctx->server_dnsname[ctx->server_dnsname_count])
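Review bot: The new `if (!ctx->no_osu_cert_validation)` guard and the matching condition inside the dNSName loop appear to use that flag as a stand-in for "this callback is running for the EST connection", which neither the flag's name nor these lines make clear. Per the commit message, the stored names are later compared against the SP FQDN from the PPS MO, so any other path that sets the flag would presumably leave dNSName values from an earlier certificate in `ctx->server_dnsname` without any indication. A comment above the guard would make the intent reviewable, for example `/* Keep the dNSName values from the OSU (SPP) server certificate; the EST server certificate must not replace them */`. osu_cert_cb() starts and ends outside the hunk, so where the flag is set and cleared cannot be checked from here.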