wpa_supplicant/wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff


Accepting request 433620 from home:msmeissn:branches:hardware - updated to 2.6 / 2016-10-02 * fixed WNM Sleep Mode processing when PMF is not enabled [http://w1.fi/security/2015-6/] (CVE-2015-5310 bsc#952254) * fixed EAP-pwd last fragment validation [http://w1.fi/security/2015-7/] (CVE-2015-5315 bsc#953115) * fixed EAP-pwd unexpected Confirm message processing [http://w1.fi/security/2015-8/] (CVE-2015-5316 bsc#953115) * fixed WPS configuration update vulnerability with malformed passphrase [http://w1.fi/security/2016-1/] (CVE-2016-4476 bsc#978172) * fixed configuration update vulnerability with malformed parameters set over the local control interface [http://w1.fi/security/2016-1/] (CVE-2016-4477 bsc#978175) * fixed TK configuration to the driver in EAPOL-Key 3/4 retry case * extended channel switch support for P2P GO * started to throttle control interface event message bursts to avoid issues with monitor sockets running out of buffer space * mesh mode fixes/improvements - generate proper AID for peer - enable WMM by default - add VHT support - fix PMKID derivation - improve robustness on various exchanges - fix peer link counting in reconnect case - improve mesh joining behavior - allow DTIM period to be configured - allow HT to be disabled (disable_ht=1) - add MESH_PEER_ADD and MESH_PEER_REMOVE commands - add support for PMKSA caching - add minimal support for SAE group negotiation - allow pairwise/group cipher to be configured in the network profile OBS-URL: https://build.opensuse.org/request/show/433620 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=68
2016-10-06 16:48:36 +00:00
From f40c1d989762c4f3b585c86ca5d9a216d120fa12 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Fri, 16 Sep 2011 11:41:16 +0200
Subject: [PATCH] dump certificate as PEM in debug mode
---
src/crypto/tls_openssl.c | 13 +++++++++++++
src/utils/wpa_debug.c | 5 +++++
src/utils/wpa_debug.h | 8 ++++++++
3 files changed, 26 insertions(+)
Index: wpa_supplicant-2.4/src/crypto/tls_openssl.c
===================================================================
--- wpa_supplicant-2.4.orig/src/crypto/tls_openssl.c
+++ wpa_supplicant-2.4/src/crypto/tls_openssl.c
@@ -1484,6 +1484,19 @@ static int tls_verify_cb(int preverify_o
SSL_get_ex_data_X509_STORE_CTX_idx());
X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
+ if (wpa_debug_enabled(MSG_DEBUG)) {
+ long len;
+ char* data = NULL;
+ BIO* bio = BIO_new(BIO_s_mem());
+ //X509_print_ex(bio, err_cert, (XN_FLAG_MULTILINE|ASN1_STRFLGS_UTF8_CONVERT)&~ASN1_STRFLGS_ESC_MSB, 0);
+ PEM_write_bio_X509(bio, err_cert);
+ len = BIO_get_mem_data(bio, &data);
+ if (len) {
+ wpa_printf(MSG_DEBUG, "OpenSSL certificate at depth %d:\n%*s", depth, (int)len, data);
+ }
+ BIO_free(bio);
+ }
+
conn = SSL_get_app_data(ssl);
if (conn == NULL)
return 0;
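Review bot: The `%*s` conversion in the added wpa_printf() call sets a minimum field width, not a maximum, so the string argument is still read until a NUL byte turns up. The buffer returned by BIO_get_mem_data() for a memory BIO is not guaranteed to be NUL-terminated, so with debug logging on this can read past the end of the PEM data while a peer-supplied certificate is being handled. Use a precision and a positive-length test instead: `if (len > 0)` and `wpa_printf(MSG_DEBUG, "OpenSSL certificate at depth %d:\n%.*s", depth, (int)len, data);`. The results of BIO_new() and PEM_write_bio_X509() are also unchecked; wrapping the dump in `if (bio && PEM_write_bio_X509(bio, err_cert))` keeps a failed allocation from reaching the BIO calls. tls_verify_cb starts and continues outside this hunk.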
Index: wpa_supplicant-2.4/src/utils/wpa_debug.c
===================================================================
--- wpa_supplicant-2.4.orig/src/utils/wpa_debug.c
+++ wpa_supplicant-2.4/src/utils/wpa_debug.c
@@ -62,6 +62,11 @@ static FILE *out_file = NULL;
#endif /* CONFIG_DEBUG_FILE */
+int wpa_debug_enabled(int level)
+{
+ return level >= wpa_debug_level;
+}
+
void wpa_debug_print_timestamp(void)
{
#ifndef CONFIG_ANDROID_LOG
Index: wpa_supplicant-2.4/src/utils/wpa_debug.h
===================================================================
--- wpa_supplicant-2.4.orig/src/utils/wpa_debug.h
+++ wpa_supplicant-2.4/src/utils/wpa_debug.h
@@ -24,6 +24,7 @@ enum {
#ifdef CONFIG_NO_STDOUT_DEBUG
+#define wpa_debug_enabled(x) do { } while (0)
#define wpa_debug_print_timestamp() do { } while (0)
#define wpa_printf(args...) do { } while (0)
#define wpa_hexdump(l,t,b,le) do { } while (0)
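Review bot: The stub `#define wpa_debug_enabled(x) do { } while (0)` expands to a statement, but the tls_openssl.c hunk uses the call as a condition in `if (wpa_debug_enabled(MSG_DEBUG))`, so a build with CONFIG_NO_STDOUT_DEBUG would fail to compile at that site. Unlike the neighbouring wpa_printf/wpa_hexdump stubs, this macro has to be an expression that evaluates to false: `#define wpa_debug_enabled(x) 0`. That also lets the compiler drop the certificate-dump block entirely in no-debug builds.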
@@ -50,6 +51,13 @@ void wpa_debug_close_file(void);
void wpa_debug_setup_stdout(void);
/**
+ * wpa_debug_enabled: check whether given debug level is enabled
+ * @level: priority level (MSG_*) of the message
+ * @return: 0 or 1
+ */
+int wpa_debug_enabled(int level);
+
+/**
* wpa_debug_printf_timestamp - Print timestamp for debug output
*
* This function prints a timestamp in seconds_from_1970.microsoconds