Clemens Famulla-Conrad
a7a45f374a
- update to 2.10.0: * SAE changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] - added support for the hash-to-element mechanism (sae_pwe=1 or sae_pwe=2); this is currently disabled by default, but will likely get enabled by default in the future - fixed PMKSA caching with OKC - added support for SAE-PK * EAP-pwd changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] * fixed P2P provision discovery processing of a specially constructed invalid frame [https://w1.fi/security/2021-1/] * fixed P2P group information processing of a specially constructed invalid frame [https://w1.fi/security/2020-2/] * fixed PMF disconnection protection bypass in AP mode [https://w1.fi/security/2019-7/] * added support for using OpenSSL 3.0 * increased the maximum number of EAP message exchanges (mainly to support cases with very large certificates) * fixed various issues in experimental support for EAP-TEAP peer * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol) * a number of MKA/MACsec fixes and extensions * added support for SAE (WPA3-Personal) AP mode configuration * added P2P support for EDMG (IEEE 802.11ay) channels * fixed EAP-FAST peer with TLS GCM/CCM ciphers * improved throughput estimation and BSS selection OBS-URL: https://build.opensuse.org/request/show/948384 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=130
From f40c1d989762c4f3b585c86ca5d9a216d120fa12 Mon Sep 17 00:00:00 2001
|
|
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
|
Date: Fri, 16 Sep 2011 11:41:16 +0200
|
|
Subject: [PATCH] dump certificate as PEM in debug mode
|
|
|
|
---
|
|
src/crypto/tls_openssl.c | 13 +++++++++++++
|
|
src/utils/wpa_debug.c | 5 +++++
|
|
src/utils/wpa_debug.h | 8 ++++++++
|
|
3 files changed, 26 insertions(+)
|
|
|
|
Index: wpa_supplicant-2.10/src/crypto/tls_openssl.c
|
|
===================================================================
|
|
--- wpa_supplicant-2.10.orig/src/crypto/tls_openssl.c
|
|
+++ wpa_supplicant-2.10/src/crypto/tls_openssl.c
|
|
@@ -2361,6 +2361,19 @@ static int tls_verify_cb(int preverify_o
|
|
debug_print_cert(err_cert, buf);
|
|
X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
|
|
|
|
+ if (wpa_debug_enabled(MSG_DEBUG)) {
|
|
+ long len;
|
|
+ char* data = NULL;
|
|
+ BIO* bio = BIO_new(BIO_s_mem());
|
|
+ //X509_print_ex(bio, err_cert, (XN_FLAG_MULTILINE|ASN1_STRFLGS_UTF8_CONVERT)&~ASN1_STRFLGS_ESC_MSB, 0);
|
|
+ PEM_write_bio_X509(bio, err_cert);
|
|
+ len = BIO_get_mem_data(bio, &data);
|
|
+ if (len) {
|
|
+ wpa_printf(MSG_DEBUG, "OpenSSL certificate at depth %d:\n%*s", depth, (int)len, data);
|
|
+ }
|
|
+ BIO_free(bio);
|
|
+ }
|
|
+
|
|
conn = SSL_get_app_data(ssl);
|
|
if (conn == NULL)
|
|
return 0;
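Review bot: The `%*s` in the added wpa_printf() call sets a minimum field width, not a maximum, and the buffer returned by BIO_get_mem_data() for a memory BIO is not guaranteed to be NUL-terminated, so the debug print can read past the end of the PEM data. Use a precision to bound the read: `"OpenSSL certificate at depth %d:\n%.*s", depth, (int)len, data`. The block also passes the result of BIO_new() on unchecked and ignores the return value of PEM_write_bio_X509(); guarding with `if (bio && PEM_write_bio_X509(bio, err_cert))` and testing `len > 0 && data` before logging would keep an allocation or encoding failure out of the verification path. tls_verify_cb starts and ends outside this hunk, so whether err_cert is already NULL-checked before these lines cannot be confirmed from here.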
|
|
Index: wpa_supplicant-2.10/src/utils/wpa_debug.c
|
|
===================================================================
|
|
--- wpa_supplicant-2.10.orig/src/utils/wpa_debug.c
|
|
+++ wpa_supplicant-2.10/src/utils/wpa_debug.c
|
|
@@ -66,6 +66,11 @@ static int wpa_to_android_level(int leve
|
|
#endif /* CONFIG_DEBUG_FILE */
|
|
|
|
|
|
+int wpa_debug_enabled(int level)
|
|
+{
|
|
+ return level >= wpa_debug_level;
|
|
+}
|
|
+
|
|
void wpa_debug_print_timestamp(void)
|
|
{
|
|
#ifndef CONFIG_ANDROID_LOG
|
|
Index: wpa_supplicant-2.10/src/utils/wpa_debug.h
|
|
===================================================================
|
|
--- wpa_supplicant-2.10.orig/src/utils/wpa_debug.h
|
|
+++ wpa_supplicant-2.10/src/utils/wpa_debug.h
|
|
@@ -25,6 +25,7 @@ enum {
|
|
|
|
#ifdef CONFIG_NO_STDOUT_DEBUG
|
|
|
|
+#define wpa_debug_enabled(x) do { } while (0)
|
|
#define wpa_debug_print_timestamp() do { } while (0)
|
|
#define wpa_printf(args...) do { } while (0)
|
|
#define wpa_hexdump(l,t,b,le) do { } while (0)
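Review bot: Under CONFIG_NO_STDOUT_DEBUG the added stub `wpa_debug_enabled(x)` expands to `do { } while (0)`, which is a statement, but the tls_openssl.c hunk of this patch uses the call as an `if` condition, so that configuration would not compile. Unlike the void-style stubs after it, this macro needs to yield a value: `#define wpa_debug_enabled(x) (0)`. With that form the certificate dump in tls_verify_cb is also compiled out cleanly when debug output is disabled.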
|
|
@@ -51,6 +52,13 @@ void wpa_debug_close_file(void);
|
|
void wpa_debug_setup_stdout(void);
|
|
|
|
/**
|
|
+ * wpa_debug_enabled: check whether given debug level is enabled
|
|
+ * @level: priority level (MSG_*) of the message
|
|
+ * @return: 0 or 1
|
|
+ */
|
|
+int wpa_debug_enabled(int level);
|
|
+
|
|
+/**
|
|
* wpa_debug_printf_timestamp - Print timestamp for debug output
|
|
*
|
|
* This function prints a timestamp in seconds_from_1970.microsoconds
|