From patchwork Thu Apr 4 18:16:20 2024
X-Patchwork-Submitter: Juliusz Sosinowicz
X-Patchwork-Id: 1919910
From: Juliusz Sosinowicz
To: hostap@lists.infradead.org
Cc: Juliusz Sosinowicz
Subject: [PATCH 14/24] wolfssl: remove unnecessary WOLFSSL_X509_STORE manipulation
Date: Thu, 4 Apr 2024 20:16:20 +0200
Message-Id: <20240404181630.2431991-14-juliusz@wolfssl.com>
In-Reply-To: <20240404181630.2431991-1-juliusz@wolfssl.com>
References: <20240404181630.2431991-1-juliusz@wolfssl.com>

Setting a new WOLFSSL_X509_STORE is not necessary when calling wolfSSL_CTX_load_verify_locations().

Signed-off-by: Juliusz Sosinowicz
--- src/crypto/tls_wolfssl.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c index 4016b6a46b..f126c37479 100644 --- a/src/crypto/tls_wolfssl.c +++ b/src/crypto/tls_wolfssl.c @@ -1383,15 +1383,8 @@ static int tls_connection_ca_cert(void *tls_ctx, struct tls_connection *conn, } if (ca_cert || ca_path) { - WOLFSSL_X509_STORE *cm = wolfSSL_X509_STORE_new(); - - if (!cm) { - wpa_printf(MSG_INFO, - "SSL: failed to create certificate store"); - return -1; - } - wolfSSL_CTX_set_cert_store(ctx, cm); - + wpa_printf(MSG_DEBUG, "SSL: loading CA's from '%s' and '%s'", + ca_cert ? ca_cert : "N/A", ca_path ? ca_path : "N/A"); if (wolfSSL_CTX_load_verify_locations(ctx, ca_cert, ca_path) != SSL_SUCCESS) { wpa_printf(MSG_INFO, 
@@ -1408,6 +1401,7 @@ static int tls_connection_ca_cert(void *tls_ctx, struct tls_connection *conn, return -1; } } + wpa_printf(MSG_DEBUG, "SSL: Loaded ca_cert or ca_path"); return 0; }
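Review bot: In the first hunk (@@ -1383,15 +1383,8 @@), dropping wolfSSL_X509_STORE_new() plus wolfSSL_CTX_set_cert_store(ctx, cm) changes more than the commit message says: the removed lines installed a fresh, empty store on ctx before wolfSSL_CTX_load_verify_locations(), so any trust anchors already in the context's store were discarded first. After this change they stay, and the new CAs are added on top. If tls_connection_ca_cert() can run more than once against the same ctx, or ctx is shared between connections with different ca_cert/ca_path settings, the set of accepted CAs becomes the union of all calls. Please state in the commit message why that reset is not needed (or that it never had an effect), and confirm the intended behaviour when the function is called again with a different CA. Minor: "CA's" in the new debug string should be "CAs".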
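Review bot: In the second hunk (@@ -1408,6 +1401,7 @@), the added wpa_printf(MSG_DEBUG, "SSL: Loaded ca_cert or ca_path") comes after two closing braces and directly before return 0, which, as far as the context lines show, places it outside the if (ca_cert || ca_path) block. It would then be logged on every successful return from the function, including calls where neither ca_cert nor ca_path was set, which is misleading when reading logs to work out which trust anchors are in effect. Suggest moving it inside the block after the successful wolfSSL_CTX_load_verify_locations() call, or dropping it, since the first hunk already logs the two values being loaded.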