wolfssl: Generate events when OCSP status is revoked
authorJuliusz Sosinowicz <juliusz@wolfssl.com>
Thu, 4 Apr 2024 18:16:19 +0000 (20:16 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 2 Feb 2025 17:02:59 +0000 (19:02 +0200)
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
src/crypto/tls_wolfssl.c

index e6c101e73ce7f21fe9b0ea0722164e6059b2239f..fa99915d0683c2da201b3e668c9f0f9012d9c6eb 100644 (file)
@@ -1864,6 +1864,22 @@ static struct wpabuf * wolfssl_handshake(struct tls_connection *conn,
                                   wolfSSL_ERR_error_string(err, msg));
                        conn->failed++;
                }
+
+               /* Generate extra events */
+               if (err == OCSP_CERT_REVOKED ||
+                   err == BAD_CERTIFICATE_STATUS_ERROR ||
+                   err == OCSP_CERT_REVOKED) {
+                       char buf[256];
+                       WOLFSSL_X509 *err_cert;
+
+                       err_cert = wolfSSL_get_peer_certificate(conn->ssl);
+                       wolfSSL_X509_NAME_oneline(
+                               wolfSSL_X509_get_subject_name(err_cert),
+                               buf, sizeof(buf));
+                       wolfssl_tls_fail_event(conn, err_cert, err, 0, buf,
+                                              "bad certificate status response",
+                                              TLS_FAIL_UNSPECIFIED);
+               }
        }
 
        return conn->output.out_data;
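Review bot: In the added block, `buf` is handed to `wolfssl_tls_fail_event()` as the subject string even when it was never written, because neither the result of `wolfSSL_get_peer_certificate()` nor that of `wolfSSL_X509_NAME_oneline()` is checked. If no peer certificate is available at this point in the failed handshake, the event would carry uninitialised stack bytes. Declaring `char buf[256] = "";` and only formatting the name when `err_cert` is non-NULL would avoid that. The condition also tests `err == OCSP_CERT_REVOKED` twice, so the third comparison is dead; presumably a different OCSP status code was intended there and should be confirmed against the wolfSSL error list. Whether `err_cert` must be released with `wolfSSL_X509_free()` depends on the wolfSSL build and is not visible here, since `wolfssl_handshake()` starts and continues outside this hunk.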