Message ID | 20200207091017.26244-3-greearb@candelatech.com |
---|---|
State | Changes Requested |
Series | [1/9] supplicant: Update HS20 readme. | expand |
On Fri, Feb 07, 2020 at 01:10:11AM -0800, greearb@candelatech.com wrote: > This gives more flexibility to the hs20 client user. That "ca-fname instead of cwd" sounds quite confusing. I'd assume "ca-fname" is referring to the optional "CA cert" argument from the command line, i.e., a path to a specific file. "cwd" is "current working directory" which is not really what is being replaced here; this replaces osu-ca.pem from the current working directory. It would also be good to mention that this is specifically for OSEN configuration since ctx->ca_fname is used for different purposes in various other commands and it is not necessarily the golden CA certificates from osu-ca.pem. > diff --git a/hs20/client/osu_client.c b/hs20/client/osu_client.c > @@ -2190,14 +2190,23 @@ static int osu_connect(struct hs20_osu_client *ctx, const char *bssid, > if (osu_nai && os_strlen(osu_nai) > 0) { > - char dir[255], fname[300]; > - if (getcwd(dir, sizeof(dir)) == NULL) > - return -1; > - os_snprintf(fname, sizeof(fname), "%s/osu-ca.pem", dir); > + char fname[300]; > + if (ctx->ca_fname) { > + strncpy(fname, ctx->ca_fname, sizeof(fname)); os_strlcpy() is preferred instead of strncpy(). > + } > + else { } else { > + char dir[255]; > + if (getcwd(dir, sizeof(dir)) == NULL) > + return -1; > + os_snprintf(fname, sizeof(fname), "%s/osu-ca.pem", dir); > + ctx->ca_fname = strdup(fname); /* so lib curl can use it. */ What does that "so lib curl can use it" mean here? Use for what and why? The golden certificates from osu-ca.pem are used for authenticating the AAA server for OSEN. What would curl do with those trust roots? > + fname[sizeof(fname) - 1] = 0; /* ensure null termination */ os_strlcpy() above would do that..
diff --git a/hs20/client/osu_client.c b/hs20/client/osu_client.c
index a94f40c51..9f9c307b6 100644
--- a/hs20/client/osu_client.c
+++ b/hs20/client/osu_client.c
@@ -2190,14 +2190,23 @@ static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
 if (ssid2)
 osu_nai = osu_nai2;
 if (osu_nai && os_strlen(osu_nai) > 0) {
- char dir[255], fname[300];
- if (getcwd(dir, sizeof(dir)) == NULL)
- return -1;
- os_snprintf(fname, sizeof(fname), "%s/osu-ca.pem", dir);
+ char fname[300];
+ if (ctx->ca_fname) {
+ strncpy(fname, ctx->ca_fname, sizeof(fname));
+ }
+ else {
+ char dir[255];
+ if (getcwd(dir, sizeof(dir)) == NULL)
+ return -1;
+ os_snprintf(fname, sizeof(fname), "%s/osu-ca.pem", dir);
+ ctx->ca_fname = strdup(fname); /* so lib curl can use it. */
+ }
 if (ssid2 && set_network_quoted(ifname, id, "ssid", ssid2) < 0)
 return -1;
+ fname[sizeof(fname) - 1] = 0; /* ensure null termination */
+
 if (set_network(ifname, id, "proto", "OSEN") < 0 ||
 set_network(ifname, id, "key_mgmt", "OSEN") < 0 ||
 set_network(ifname, id, "pairwise", "CCMP") < 0 ||
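Review bot: The copy of `ctx->ca_fname` into `fname[300]` truncates silently, so a configured path of 300 bytes or more would end up naming a different file as the OSEN trust-root file. Because this path selects the CA certificates used to authenticate the server, an over-long value should be rejected rather than shortened, e.g. `if (os_strlcpy(fname, ctx->ca_fname, sizeof(fname)) >= sizeof(fname)) return -1;`. In the else branch the result of `strdup(fname)` is stored without a NULL check, and nothing in the hunk shows who frees it. If `ctx->ca_fname` otherwise points at caller-owned storage (not visible here), cleanup code cannot tell a borrowed pointer from this heap copy. osu_connect() begins and ends outside the hunk.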