err_str = X509_verify_cert_error_string(err);
#ifdef CONFIG_SHA256
- if (depth == 0 && conn->server_cert_only) {
- if (depth == 0 && conn->server_cert_cb) {
+ if (depth == 0) {
+ if (conn->server_cert_cb) {
preverify_ok = conn->server_cert_cb(preverify_ok, err_cert, conn->server_cert_ctx);
wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb: server_cert_cb returned %d", preverify_ok);
}
- else {
+ if (conn->server_cert_only) {
/*
* Do not require preverify_ok so we can explicity allow otherwise
* invalid pinned server certificates.
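Review bot: With the `else` removed, a connection that sets both `server_cert_cb` and `server_cert_only` now runs the callback and then the pinned-certificate block at depth 0, and nothing states which verdict wins. The pin block's comment says it does not require `preverify_ok`, so if its body (outside this hunk) sets `preverify_ok` on a hash match, it would reverse a rejection the callback just returned. I would add a comment above the two checks, such as `/* Both checks run at depth 0 when both are configured: server_cert_cb first, then the server_cert_only pin. */`, and state there which result is final, or reject a configuration that sets both. The callback call also sits under `#ifdef CONFIG_SHA256`, so a build without that option never invokes `server_cert_cb`; an `#else` branch that logs or fails when a callback is configured would make that visible.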
}
-static int peerValidateCA(int ok_so_far, X509* cert, void *ca_ctx)
+static int peerValidateServer(int ok_so_far, X509* cert, void *ca_ctx)
{
const char *realm = NULL;
unsigned char *cert_bytes = NULL;
GSSEAP_FREE(cert_bytes);
if (hash_len != 32) {
- printf("peerValidateCA: Error: hash_len=%d, not 32!\n", hash_len);
+ printf("peerValidateServer: Error: hash_len=%d, not 32!\n", hash_len);
return FALSE;
}
ok_so_far = moonshot_confirm_ca_certificate(identity, realm, hash, 32, &error);
free(identity);
- printf("peerValidateCA: Returning %d\n", ok_so_far);
+ printf("peerValidateServer: Returning %d\n", ok_so_far);
return ok_so_far;
}
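Review bot: The rename says this callback validates the server certificate, but the body still passes the hash to `moonshot_confirm_ca_certificate` and the context parameter is still named `ca_ctx`. A reader cannot tell whether the confirmed fingerprint is meant as a CA trust anchor or as a pin on the leaf certificate. On the path shown, the incoming `ok_so_far` is overwritten by that call's result, so the verdict handed in by the TLS layer does not reach the return value. That deserves a comment on the function, for example `/* ok_so_far is not consulted here: the fingerprint confirmation result replaces the TLS library's verdict */`. The middle of the function is outside this hunk, so how `hash` and `identity` are produced, and whether `ok_so_far` is read earlier, is not visible here.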
eapPeerConfig->private_key_passwd = (char *)cred->password.value;
}
- eapPeerConfig->server_cert_cb = peerValidateCA;
+ eapPeerConfig->server_cert_cb = peerValidateServer;
eapPeerConfig->server_cert_ctx = eapPeerConfig;
*minor = 0;