GnuTLS: Check for any unknown verification failure
authorJouni Malinen <j@w1.fi>
Sun, 11 Jan 2015 11:05:28 +0000 (13:05 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 11 Jan 2015 22:19:21 +0000 (00:19 +0200)
After having checked all known GNUTLS_CERT_* error cases that we care
about, check that no other errors have been indicated by
gnutls_certificate_verify_peers2() as a reason to reject negotiation.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/crypto/tls_gnutls.c

index cfee6066597fd633083b8c298b5d76e970790ac0..cdfb4f9c7a1363d299a2c79aa0ded9aa7ff907ba 100644 (file)
@@ -713,6 +713,13 @@ static int tls_connection_verify_peer(gnutls_session_t session)
                goto out;
        }
 
+       if (status != 0) {
+               wpa_printf(MSG_INFO, "TLS: Unknown verification status: %d",
+                          status);
+               err = GNUTLS_A_INTERNAL_ERROR;
+               goto out;
+       }
+
        os_get_time(&now);
 
        certs = gnutls_certificate_get_peers(session, &num_certs);
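Review bot: The new catch-all logs `status` with `%d`, but the value reported by gnutls_certificate_verify_peers2() is a bitmask of GNUTLS_CERT_* flags, so a decimal number is hard to map back to the flag that caused the rejection. `wpa_printf(MSG_INFO, "TLS: Unknown verification status: 0x%x", status);` would make the log line directly decodable; the declaration of `status` is outside the hunk, presumably an unsigned int. A short comment above the check, such as `/* Fail closed: reject on any verification flag not handled above */`, would also record that this block has to stay after all the specific checks, and that any flag meant to be tolerated must be masked out before it is reached. tls_connection_verify_peer() starts and ends outside the hunk, so the earlier per-flag checks are not visible here.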