From: Jouni Malinen <j@w1.fi>
Date: Sun, 11 Jan 2015 11:05:28 +0000 (+0200)
Subject: GnuTLS: Check for any unknown verification failure
X-Git-Tag: hostap_2_4~445
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4bc13bf709850eb7844c5cb8351e2acd30d25ed9;p=thirdparty%2Fhostap.git

GnuTLS: Check for any unknown verification failure

After having checked all known GNUTLS_CERT_* error cases that we care
about, check that no other errors have been indicated by
gnutls_certificate_verify_peers2() as a reason to reject negotiation.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/crypto/tls_gnutls.c b/src/crypto/tls_gnutls.c
index cfee60665..cdfb4f9c7 100644
--- a/src/crypto/tls_gnutls.c
+++ b/src/crypto/tls_gnutls.c
@@ -713,6 +713,13 @@ static int tls_connection_verify_peer(gnutls_session_t session)
 		goto out;
 	}
 
+	if (status != 0) {
+		wpa_printf(MSG_INFO, "TLS: Unknown verification status: %d",
+			   status);
+		err = GNUTLS_A_INTERNAL_ERROR;
+		goto out;
+	}
+
 	os_get_time(&now);
 
 	certs = gnutls_certificate_get_peers(session, &num_certs);