From patchwork Wed May 22 06:48:32 2019
X-Patchwork-Submitter: Santtu Lakkala
X-Patchwork-Id: 1103207
From: Santtu Lakkala
To: hostap@lists.infradead.org
Subject: [PATCH v2] OpenSSL: Allow ca_cert_blob in PEM format
Date: Wed, 22 May 2019 09:48:32 +0300
Message-Id: <20190522064832.19996-1-santtu.lakkala@jolla.com>
X-Mailer: git-send-email 2.20.1

GnuTLS backend already accepts CA cert blobs in both DER and PEM formats.
Implement similar trial-and-error handling in OpenSSL backend.

Signed-off-by: line for the commit message so that I can apply this?
---
 src/crypto/tls_openssl.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index bf2407421..bf26f67ba 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2577,9 +2577,22 @@ static int tls_connection_ca_cert(struct tls_data *data, (const unsigned char **) &ca_cert_blob, ca_cert_blob_len); if (cert == NULL) { - tls_show_errors(MSG_WARNING, __func__, - "Failed to parse ca_cert_blob"); - return -1; + BIO *bio = BIO_new_mem_buf(ca_cert_blob, ca_cert_blob_len); + + if (bio != NULL) { + cert = PEM_read_bio_X509(bio, NULL, NULL, NULL); + BIO_free(bio); + } + + if (cert == NULL) { + tls_show_errors(MSG_WARNING, __func__, + "Failed to parse ca_cert_blob"); + return -1; + } + + while (ERR_get_error()) { + /* Ignore errors from DER conversion. */ + } } if (!X509_STORE_add_cert(SSL_CTX_get_cert_store(ssl_ctx),
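Review bot: The PEM fallback passes `ca_cert_blob` to `BIO_new_mem_buf()` after the DER decoder in the preceding context lines was handed `&ca_cert_blob` and failed, so the fallback is only correct if the decoder leaves that pointer untouched on failure; either confirm that for every OpenSSL version hostap supports, or keep a copy of the original pointer and length for the PEM attempt so the BIO cannot start part-way into the buffer. Second, `PEM_read_bio_X509(bio, NULL, NULL, NULL)` returns only the first certificate in the buffer, and the `X509_STORE_add_cert()` call that follows adds just that one, so a PEM blob carrying several CA certificates would silently lose all but the first; if that is the intended behaviour it deserves a comment next to the call, otherwise loop on `PEM_read_bio_X509()` until it returns NULL and add each certificate to the store. Finally, the `while (ERR_get_error())` drain runs only on the success path, which is right, but a `wpa_printf(MSG_DEBUG, ...)` noting that the DER attempt failed and PEM was used would make the trial-and-error visible when debugging configuration problems.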