OpenSSL: Do not accept SSL Client certificate for server

If the extended key usage of the AAA server certificate indicates
that the certificate is for client use, reject the TLS handshake.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index feba13f..287fd33 100644 (file)
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -41,7 +41,8 @@ enum tls_fail_reason {
        TLS_FAIL_ALTSUBJECT_MISMATCH = 6,
        TLS_FAIL_BAD_CERTIFICATE = 7,
        TLS_FAIL_SERVER_CHAIN_PROBE = 8,
-       TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9
+       TLS_FAIL_DOMAIN_SUFFIX_MISMATCH = 9,
+       TLS_FAIL_SERVER_USED_CLIENT_CERT = 10
 };
 
 union tls_event_data {

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 4c1469f..257d95a 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -105,6 +105,7 @@ struct tls_connection {
        unsigned int ca_cert_verify:1;
        unsigned int cert_probe:1;
        unsigned int server_cert_only:1;
+       unsigned int server:1;
 
        u8 srv_cert_hash[32];
 
@@ -1476,6 +1477,16 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
                                       TLS_FAIL_SERVER_CHAIN_PROBE);
        }
 
+       if (!conn->server && err_cert && preverify_ok && depth == 0 &&
+           (err_cert->ex_flags & EXFLAG_XKUSAGE) &&
+           (err_cert->ex_xkusage & XKU_SSL_CLIENT)) {
+               wpa_printf(MSG_WARNING, "TLS: Server used client certificate");
+               openssl_tls_fail_event(conn, err_cert, err, depth, buf,
+                                      "Server used client certificate",
+                                      TLS_FAIL_SERVER_USED_CLIENT_CERT);
+               preverify_ok = 0;
+       }
+
        if (preverify_ok && context->event_cb != NULL)
                context->event_cb(context->cb_ctx,
                                  TLS_CERT_CHAIN_SUCCESS, NULL);
@@ -2527,6 +2538,8 @@ openssl_handshake(struct tls_connection *conn, const struct wpabuf *in_data,
        int res;
        struct wpabuf *out_data;
 
+       conn->server = !!server;
+
        /*
         * Give TLS handshake data from the server (if available) to OpenSSL
         * for processing.