[PATCH 0/4] TLS client: Improve certificate validation

This patch series implements the hash://server/sha256/cert_hash_in_hex syntax
for the ca_cert property, correctly skips validation if ca_cert is not
specified, and implements validation for certificates with SHA384 and SHA512
hashes.

Pali Rohár (4):
  TLS client: Do not verify CA certificates when ca_cert is not
    specified
  TLS client: Add support for validating server certificate
  Crypto: Add SHA384 and SHA512 implementation from LibTomCrypt library
  TLS client: Validate certificates with SHA384 and SHA512 hashes

 src/crypto/Makefile          |    4 +-
 src/crypto/crypto.h          |   22 ++++
 src/crypto/sha384-internal.c |   92 ++++++++++++++
 src/crypto/sha384_i.h        |   23 ++++
 src/crypto/sha512-internal.c |  273 ++++++++++++++++++++++++++++++++++++++++++
 src/crypto/sha512_i.h        |   25 ++++
 src/tls/tlsv1_client_read.c  |   16 ++-
 src/tls/tlsv1_cred.c         |   27 +++++
 src/tls/tlsv1_cred.h         |    4 +
 src/tls/x509v3.c             |   66 +++++++++-
 wpa_supplicant/Makefile      |   10 ++
 11 files changed, 556 insertions(+), 6 deletions(-)
 create mode 100644 src/crypto/sha384-internal.c
 create mode 100644 src/crypto/sha384_i.h
 create mode 100644 src/crypto/sha512-internal.c
 create mode 100644 src/crypto/sha512_i.h

-- 
1.7.9.5


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap