Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[gsupplicant] Allow private key without client cert. Contributes to J…
…B#48581

Allow definition of network with private_key set, but client_cert not
set, as this is the format wpa_supplicant expects PKCS#12 bundles to be
used. Reject requests with client_cert but no private_key.
  • Loading branch information
inzanity committed Jan 17, 2020
1 parent 92fab23 commit aa7f9b0
Showing 1 changed file with 11 additions and 12 deletions.
23 changes: 11 additions & 12 deletions src/gsupplicant_interface.c
Expand Up @@ -520,6 +520,8 @@ gsupplicant_interface_add_network_args_security_eap(
gsupplicant_check_blob_or_abs_path(np->ca_cert_file, blobs);
const char* client_cert =
gsupplicant_check_blob_or_abs_path(np->client_cert_file, blobs);
const char* private_key =
gsupplicant_check_blob_or_abs_path(np->private_key_file, blobs);
const char* method = gsupplicant_eap_method_name(np->eap, &found);
GASSERT(found == np->eap); /* Only one method should be specified */
gsupplicant_dict_add_string_ne(builder, "eap", method);
Expand All @@ -543,22 +545,19 @@ gsupplicant_interface_add_network_args_security_eap(
gsupplicant_dict_add_string_ne(builder, "password", np->passphrase);
gsupplicant_dict_add_string0(builder, "ca_cert", ca_cert);
if (client_cert) {
if (np->private_key_file && np->private_key_file[0]) {
const char* private_key =
gsupplicant_check_blob_or_abs_path(np->private_key_file,
blobs);
if (private_key) {
gsupplicant_dict_add_string(builder, "client_cert",
client_cert);
gsupplicant_dict_add_string(builder, "private_key",
private_key);
gsupplicant_dict_add_string_ne(builder, "private_key_passwd",
np->private_key_passphrase);
}
if (private_key) {
gsupplicant_dict_add_string(builder, "client_cert",
client_cert);
} else {
GWARN("Missing private key");
}
}
if (private_key) {
gsupplicant_dict_add_string(builder, "private_key",
private_key);
gsupplicant_dict_add_string_ne(builder, "private_key_passwd",
np->private_key_passphrase);
}
gsupplicant_dict_add_string_ne(builder, "domain_match",
np->domain_match);
gsupplicant_dict_add_string_ne(builder, "subject_match",
Expand Down

0 comments on commit aa7f9b0

Please sign in to comment.