From: Jouni Malinen <quic_jouni@quicinc.com>
Date: Fri, 11 Mar 2022 17:47:30 +0000 (+0200)
Subject: hs20-osu-client: Allow EST server to use different host name
X-Git-Tag: hostap_2_11~2165
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0ce8d55a2e1bef3c9891222b84c8b69e4da66912;p=thirdparty%2Fhostap.git

hs20-osu-client: Allow EST server to use different host name

The EST server does not have to be sharing the same host name with the
OSU server. Use the host name from the EST URL instead of the SPP server
URL when validating the EST server certificate.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
---

diff --git a/hs20/client/osu_client.c b/hs20/client/osu_client.c
index bf78548a9..7ab2a3746 100644
--- a/hs20/client/osu_client.c
+++ b/hs20/client/osu_client.c
@@ -2911,10 +2911,14 @@ static int osu_cert_cb(void *_ctx, struct http_cert *cert)
 	int found;
 	char *host = NULL;
 
-	wpa_printf(MSG_INFO, "osu_cert_cb(osu_cert_validation=%d, url=%s)",
-		   !ctx->no_osu_cert_validation, ctx->server_url);
+	wpa_printf(MSG_INFO, "osu_cert_cb(osu_cert_validation=%d, url=%s server_url=%s)",
+		   !ctx->no_osu_cert_validation, cert->url ? cert->url : "N/A",
+		   ctx->server_url);
 
-	host = get_hostname(ctx->server_url);
+	if (ctx->no_osu_cert_validation && cert->url)
+		host = get_hostname(cert->url);
+	else
+		host = get_hostname(ctx->server_url);
 
 	for (i = 0; i < ctx->server_dnsname_count; i++)
 		os_free(ctx->server_dnsname[i]);