|
@@ -425,6 +425,13 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
|
|
gnutls_strerror(ret));
|
|
gnutls_strerror(ret));
|
|
return -1;
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
+ wpa_printf(MSG_DEBUG,
|
|
|
|
+ "GnuTLS: Successfully read CA cert '%s' in PEM format",
|
|
|
|
+ params->ca_cert);
|
|
|
|
+ } else {
|
|
|
|
+ wpa_printf(MSG_DEBUG,
|
|
|
|
+ "GnuTLS: Successfully read CA cert '%s' in DER format",
|
|
|
|
+ params->ca_cert);
|
|
}
|
|
}
|
|
} else if (params->ca_cert_blob) {
|
|
} else if (params->ca_cert_blob) {
|
|
gnutls_datum_t ca;
|
|
gnutls_datum_t ca;
|
|
@@ -472,6 +479,9 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
|
|
}
|
|
}
|
|
|
|
|
|
if (params->client_cert && params->private_key) {
|
|
if (params->client_cert && params->private_key) {
|
|
|
|
+ wpa_printf(MSG_DEBUG,
|
|
|
|
+ "GnuTLS: Try to parse client cert '%s' and key '%s' in DER format",
|
|
|
|
+ params->client_cert, params->private_key);
|
|
#if GNUTLS_VERSION_NUMBER >= 0x03010b
|
|
#if GNUTLS_VERSION_NUMBER >= 0x03010b
|
|
ret = gnutls_certificate_set_x509_key_file2(
|
|
ret = gnutls_certificate_set_x509_key_file2(
|
|
conn->xcred, params->client_cert, params->private_key,
|
|
conn->xcred, params->client_cert, params->private_key,
|
|
@@ -483,8 +493,9 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
|
|
GNUTLS_X509_FMT_DER);
|
|
GNUTLS_X509_FMT_DER);
|
|
#endif
|
|
#endif
|
|
if (ret < 0) {
|
|
if (ret < 0) {
|
|
- wpa_printf(MSG_DEBUG, "Failed to read client cert/key "
|
|
|
|
- "in DER format: %s", gnutls_strerror(ret));
|
|
|
|
|
|
+ wpa_printf(MSG_DEBUG,
|
|
|
|
+ "GnuTLS: Failed to read client cert/key in DER format (%s) - try in PEM format",
|
|
|
|
+ gnutls_strerror(ret));
|
|
#if GNUTLS_VERSION_NUMBER >= 0x03010b
|
|
#if GNUTLS_VERSION_NUMBER >= 0x03010b
|
|
ret = gnutls_certificate_set_x509_key_file2(
|
|
ret = gnutls_certificate_set_x509_key_file2(
|
|
conn->xcred, params->client_cert,
|
|
conn->xcred, params->client_cert,
|
|
@@ -501,11 +512,19 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
|
|
gnutls_strerror(ret));
|
|
gnutls_strerror(ret));
|
|
return ret;
|
|
return ret;
|
|
}
|
|
}
|
|
|
|
+ wpa_printf(MSG_DEBUG,
|
|
|
|
+ "GnuTLS: Successfully read client cert/key in PEM format");
|
|
|
|
+ } else {
|
|
|
|
+ wpa_printf(MSG_DEBUG,
|
|
|
|
+ "GnuTLS: Successfully read client cert/key in DER format");
|
|
}
|
|
}
|
|
} else if (params->private_key) {
|
|
} else if (params->private_key) {
|
|
int pkcs12_ok = 0;
|
|
int pkcs12_ok = 0;
|
|
#ifdef PKCS12_FUNCS
|
|
#ifdef PKCS12_FUNCS
|
|
/* Try to load in PKCS#12 format */
|
|
/* Try to load in PKCS#12 format */
|
|
|
|
+ wpa_printf(MSG_DEBUG,
|
|
|
|
+ "GnuTLS: Try to parse client cert/key '%s'in PKCS#12 DER format",
|
|
|
|
+ params->private_key);
|
|
ret = gnutls_certificate_set_x509_simple_pkcs12_file(
|
|
ret = gnutls_certificate_set_x509_simple_pkcs12_file(
|
|
conn->xcred, params->private_key, GNUTLS_X509_FMT_DER,
|
|
conn->xcred, params->private_key, GNUTLS_X509_FMT_DER,
|
|
params->private_key_passwd);
|
|
params->private_key_passwd);
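Review bot: The PKCS#12 trace message added in this hunk is missing a space after the quoted file name, so `'%s'in PKCS#12 DER format` runs the path and the next word together in the log; it should read `"GnuTLS: Try to parse client cert/key '%s' in PKCS#12 DER format"`. The two client cert/key success messages above it also omit the file names, unlike the CA cert success messages earlier in the commit, which makes it harder to tell from a debug log which credential was loaded. The new message logs only `params->private_key`; `params->private_key_passwd`, passed to the call just below, should stay out of any trace output added to this branch. The PKCS#12 branch continues past the end of the hunk.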
|