[PATCH 0/4] TLS client: Improve certificate validation
Pali Rohár
pali.rohar at gmail.com
Sat Nov 21 17:02:54 PST 2015

This patch series implements hash://server/sha256/cert_hash_in_hex syntax for
the ca_cert property, correctly skips validation if ca_cert is not specified, and
implements validation for certificates with SHA384 and SHA512 hashes.

Pali Rohár (4):
  TLS client: Do not verify CA certificates when ca_cert is not
    specified
  TLS client: Add support for validating server certificate
  Crypto: Add SHA384 and SHA512 implementation from LibTomCrypt library
  TLS client: Validate certificates with SHA384 and SHA512 hashes

 src/crypto/Makefile          |    4 +-
 src/crypto/crypto.h          |   22 ++++
 src/crypto/sha384-internal.c |   92 ++++++++++++++
 src/crypto/sha384_i.h        |   23 ++++
 src/crypto/sha512-internal.c |  273 ++++++++++++++++++++++++++++++++++++++++++
 src/crypto/sha512_i.h        |   25 ++++
 src/tls/tlsv1_client_read.c  |   16 ++-
 src/tls/tlsv1_cred.c         |   27 +++++
 src/tls/tlsv1_cred.h         |    4 +
 src/tls/x509v3.c             |   66 +++++++++-
 wpa_supplicant/Makefile      |   10 ++
 11 files changed, 556 insertions(+), 6 deletions(-)
 create mode 100644 src/crypto/sha384-internal.c
 create mode 100644 src/crypto/sha384_i.h
 create mode 100644 src/crypto/sha512-internal.c
 create mode 100644 src/crypto/sha512_i.h
--
1.7.9.5
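
One way to parse and enforce the hash://server/sha256/cert_hash_in_hex value named in the cover letter above, as an added example that is not code from this patch series. The function names are hypothetical, and the digest passed to the comparison is assumed to be the SHA-256 of the DER-encoded server certificate, computed by the caller.

```c
#include <stddef.h>
#include <string.h>

#define PIN_PREFIX "hash://server/sha256/"
#define SHA256_LEN 32

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(char c)
{
	if (c >= '0' && c <= '9') return c - '0';
	if (c >= 'a' && c <= 'f') return c - 'a' + 10;
	if (c >= 'A' && c <= 'F') return c - 'A' + 10;
	return -1;
}

/*
 * Parse a ca_cert value of the form hash://server/sha256/<64 hex digits>.
 * Returns 0 and fills pin[] on success; returns -1 on a wrong prefix,
 * a digest that is too short or too long, or a non-hex character.
 */
int parse_cert_pin(const char *ca_cert, unsigned char pin[SHA256_LEN])
{
	size_t i, plen = strlen(PIN_PREFIX);
	const char *hex;

	if (ca_cert == NULL || strncmp(ca_cert, PIN_PREFIX, plen) != 0)
		return -1;
	hex = ca_cert + plen;
	if (strlen(hex) != 2 * SHA256_LEN)
		return -1;
	for (i = 0; i < SHA256_LEN; i++) {
		int hi = hex_val(hex[2 * i]);
		int lo = hex_val(hex[2 * i + 1]);
		if (hi < 0 || lo < 0)
			return -1;
		pin[i] = (unsigned char) ((hi << 4) | lo);
	}
	return 0;
}

/* Return 1 if the pin equals the certificate digest, 0 otherwise.
 * All bytes are compared; there is no early exit on the first mismatch. */
int cert_pin_matches(const unsigned char *pin, const unsigned char *digest)
{
	unsigned char diff = 0;
	size_t i;

	for (i = 0; i < SHA256_LEN; i++)
		diff |= pin[i] ^ digest[i];
	return diff == 0;
}
```

A value that fails to parse should be treated as a configuration error rather than as "no ca_cert", since the series skips CA validation when ca_cert is not specified.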