156 lines
4.7 KiB
Diff
156 lines
4.7 KiB
Diff
diff -up wpa_supplicant-0.5.7/tls_openssl.c.ignore-dup-ca-cert-addition wpa_supplicant-0.5.7/tls_openssl.c
|
|
--- wpa_supplicant-0.5.7/tls_openssl.c.ignore-dup-ca-cert-addition 2006-11-29 23:50:28.000000000 -0500
|
|
+++ wpa_supplicant-0.5.7/tls_openssl.c 2007-11-13 11:19:30.000000000 -0500
|
|
@@ -1105,11 +1105,21 @@ static int tls_connection_ca_cert(void *
|
|
}
|
|
|
|
if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
|
|
+ unsigned long err = ERR_peek_error();
|
|
+
|
|
tls_show_errors(MSG_WARNING, __func__,
|
|
"Failed to add ca_cert_blob to "
|
|
"certificate store");
|
|
- X509_free(cert);
|
|
- return -1;
|
|
+
|
|
+ if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
|
|
+ ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
|
|
+ wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
|
|
+ "cert already in hash table error",
|
|
+ __func__);
|
|
+ } else {
|
|
+ X509_free(cert);
|
|
+ return -1;
|
|
+ }
|
|
}
|
|
X509_free(cert);
|
|
wpa_printf(MSG_DEBUG, "OpenSSL: %s - added ca_cert_blob "
|
|
@@ -1259,15 +1269,28 @@ static int tls_connection_client_cert(st
|
|
if (client_cert == NULL && client_cert_blob == NULL)
|
|
return 0;
|
|
|
|
- if (client_cert_blob &&
|
|
- SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
|
|
+ if (client_cert_blob) {
|
|
+ if (SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob,
|
|
client_cert_blob_len) == 1) {
|
|
- wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1 --> "
|
|
- "OK");
|
|
- return 0;
|
|
- } else if (client_cert_blob) {
|
|
- tls_show_errors(MSG_DEBUG, __func__,
|
|
- "SSL_use_certificate_ASN1 failed");
|
|
+ wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1"
|
|
+ " --> OK");
|
|
+ return 0;
|
|
+ } else {
|
|
+ unsigned long err = ERR_peek_error();
|
|
+
|
|
+ if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
|
|
+ ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
|
|
+ wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
|
|
+ "cert already in hash table error",
|
|
+ __func__);
|
|
+ wpa_printf(MSG_DEBUG, "OpenSSL: "
|
|
+ "SSL_use_certificate_ASN1 --> OK");
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ tls_show_errors(MSG_DEBUG, __func__,
|
|
+ "SSL_use_certificate_ASN1 failed");
|
|
+ }
|
|
}
|
|
|
|
if (client_cert == NULL)
|
|
@@ -1515,40 +1538,73 @@ static int tls_connection_private_key(vo
|
|
while (private_key_blob) {
|
|
if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl,
|
|
(u8 *) private_key_blob,
|
|
- private_key_blob_len) == 1) {
|
|
- wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
|
|
- "ASN1(EVP_PKEY_RSA) --> OK");
|
|
- ok = 1;
|
|
- break;
|
|
- } else {
|
|
+ private_key_blob_len) != 1) {
|
|
+ unsigned long err = ERR_peek_error();
|
|
+
|
|
tls_show_errors(MSG_DEBUG, __func__,
|
|
"SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA)"
|
|
" failed");
|
|
+ if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
|
|
+ ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
|
|
+ wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
|
|
+ "cert already in hash table error",
|
|
+ __func__);
|
|
+ ok = 1;
|
|
+ }
|
|
+ } else
|
|
+ ok = 1;
|
|
+
|
|
+ if (ok == 1) {
|
|
+ wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
|
|
+ "ASN1(EVP_PKEY_RSA) --> OK");
|
|
+ break;
|
|
}
|
|
|
|
if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl,
|
|
(u8 *) private_key_blob,
|
|
- private_key_blob_len) == 1) {
|
|
- wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
|
|
- "ASN1(EVP_PKEY_DSA) --> OK");
|
|
- ok = 1;
|
|
- break;
|
|
- } else {
|
|
+ private_key_blob_len) != 1) {
|
|
+ unsigned long err = ERR_peek_error();
|
|
+
|
|
tls_show_errors(MSG_DEBUG, __func__,
|
|
"SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA)"
|
|
" failed");
|
|
+ if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
|
|
+ ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
|
|
+ wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
|
|
+ "cert already in hash table error",
|
|
+ __func__);
|
|
+ ok = 1;
|
|
+ }
|
|
+ } else
|
|
+ ok = 1;
|
|
+
|
|
+ if (ok == 1) {
|
|
+ wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_"
|
|
+ "ASN1(EVP_PKEY_DSA) --> OK");
|
|
+ break;
|
|
}
|
|
|
|
if (SSL_use_RSAPrivateKey_ASN1(conn->ssl,
|
|
(u8 *) private_key_blob,
|
|
- private_key_blob_len) == 1) {
|
|
+ private_key_blob_len) != 1) {
|
|
+ unsigned long err = ERR_peek_error();
|
|
+
|
|
+ tls_show_errors(MSG_DEBUG, __func__,
|
|
+ "SSL_use_RSAPrivateKey_ASN1 failed");
|
|
+ if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
|
|
+ ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
|
|
+ wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring "
|
|
+ "cert already in hash table error",
|
|
+ __func__);
|
|
+ ok = 1;
|
|
+ }
|
|
+ } else
|
|
+ ok = 1;
|
|
+
|
|
+ if (ok == 1) {
|
|
wpa_printf(MSG_DEBUG, "OpenSSL: "
|
|
"SSL_use_RSAPrivateKey_ASN1 --> OK");
|
|
- ok = 1;
|
|
break;
|
|
- } else {
|
|
- tls_show_errors(MSG_DEBUG, __func__,
|
|
- "SSL_use_RSAPrivateKey_ASN1 failed");
|
|
}
|
|
|
|
if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob,
|