@@ -42,7 +42,7 @@ enum tls_fail_reason {
TLS_FAIL_BAD_CERTIFICATE = 7,
TLS_FAIL_SERVER_CHAIN_PROBE = 8,
TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9,
- TLS_FAIL_SERVER_USED_CLIENT_CERT = 10
+ TLS_FAIL_NON_SERVER_KEY_USAGE = 10,
};
union tls_event_data {
@@ -1479,11 +1479,13 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
if (!conn->server && err_cert && preverify_ok && depth == 0 &&
(err_cert->ex_flags & EXFLAG_XKUSAGE) &&
- (err_cert->ex_xkusage & XKU_SSL_CLIENT)) {
- wpa_printf(MSG_WARNING, "TLS: Server used client certificate");
+ !(err_cert->ex_xkusage & (XKU_SSL_SERVER | XKU_ANYEKU))) {
+ wpa_printf(MSG_WARNING, "TLS: Server certificate marked for "
+ "non-server key usage");
openssl_tls_fail_event(conn, err_cert, err, depth, buf,
- "Server used client certificate",
- TLS_FAIL_SERVER_USED_CLIENT_CERT);
+ "Server certificate marked for "
+ "non-server key usage",
+ TLS_FAIL_NON_SERVER_KEY_USAGE);
preverify_ok = 0;
}
Commit 51e3eafb68e15e78e98ca955704be8a6c3a7b304 was too strict in forbidding certificates marked for client use. For example, this broke the MIT SECURE wireless network. The extended key usage is a _list_ of allowed uses, and rather than checking that client use is not in the list, we should check that server use is in the list. Signed-off-by: Anders Kaseorg <andersk@mit.edu> --- (Change from v1: accept XKU_ANYEKU.) src/crypto/tls.h | 2 +- src/crypto/tls_openssl.c | 10 ++++++---- 2 files changed, 7 insertions(+), 5 deletions(-)