| Message ID | 20240404181630.2431991-13-juliusz@wolfssl.com |
|---|---|
| State | Accepted |
| Headers |
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
To: hostap@lists.infradead.org
Cc: Juliusz Sosinowicz <juliusz@wolfssl.com>
Subject: [PATCH 13/24] wolfssl: generate events when OCSP status is revoked
Date: Thu, 4 Apr 2024 20:16:19 +0200
Message-Id: <20240404181630.2431991-13-juliusz@wolfssl.com>
|
| Series |
[01/24] wolfssl: simplify tls_get_cipher
|
diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c index a58e1f7607..4016b6a46b 100644 --- a/src/crypto/tls_wolfssl.c +++ b/src/crypto/tls_wolfssl.c @@ -1836,6 +1836,18 @@ static struct wpabuf * wolfssl_handshake(struct tls_connection *conn, wolfSSL_ERR_error_string(err, msg)); conn->failed++; } + + /* Generate extra events */ + if (err == OCSP_CERT_REVOKED || err == BAD_CERTIFICATE_STATUS_ERROR || + err == OCSP_CERT_REVOKED) { + char buf[256]; + WOLFSSL_X509* err_cert = wolfSSL_get_peer_certificate(conn->ssl); + wolfSSL_X509_NAME_oneline(wolfSSL_X509_get_subject_name(err_cert), + buf, sizeof(buf)); + wolfssl_tls_fail_event(conn, err_cert, err, 0, buf, + "bad certificate status response", + TLS_FAIL_UNSPECIFIED); + } } return conn->output.out_data;
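Review bot: the new `if` condition tests `err == OCSP_CERT_REVOKED` twice (first and third operand), so the third comparison adds nothing; either drop it or replace it with the other OCSP status code that was meant to be covered. In the same block, the result of `wolfSSL_get_peer_certificate(conn->ssl)` is passed on without a NULL check, and `buf` reaches `wolfssl_tls_fail_event()` uninitialised if `wolfSSL_X509_NAME_oneline()` does not fill it, so set `buf[0] = '\0'` first and guard `err_cert` before deriving the subject name. The event is also raised with `TLS_FAIL_UNSPECIFIED` and the text "bad certificate status response" even when `err` is `OCSP_CERT_REVOKED`, which hides the revoked case the subject line refers to from event consumers; consider a revocation-specific reason there, and confirm whether `err_cert` has to be released once the event has been sent, since the hunk shows no free.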
Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
---
 src/crypto/tls_wolfssl.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)