Re: [PATCH 3/9] hs20-client: use configured ca-fname instead of cwd.

On Fri, Feb 07, 2020 at 01:10:11AM -0800, greearb@xxxxxxxxxxxxxxx wrote:
> This gives more flexibility to the hs20 client user.

That "ca-fname instead of cwd" sounds quite confusing. I'd assume
"ca-fname" is referring to the optional "CA cert" argument from the
command line, i.e., a path to a specific file. "cwd" is "current working
directory" which is not really what is being replaced here; this
replaces osu-ca.pem from the current working directory. It would also be
good to mention that this is specifically for OSEN configuration since
ctx->ca_fname is used for different purposes in various other commands
and it is not necessarily the golden CA certificates from osu-ca.pem.

> diff --git a/hs20/client/osu_client.c b/hs20/client/osu_client.c
> @@ -2190,14 +2190,23 @@ static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,

>  	if (osu_nai && os_strlen(osu_nai) > 0) {
> -		char dir[255], fname[300];
> -		if (getcwd(dir, sizeof(dir)) == NULL)
> -			return -1;
> -		os_snprintf(fname, sizeof(fname), "%s/osu-ca.pem", dir);
> +		char fname[300];
> +		if (ctx->ca_fname) {
> +			strncpy(fname, ctx->ca_fname, sizeof(fname));

os_strlcpy() is preferred instead of strncpy().

> +		}
> +		else {

		} else {

> +			char dir[255];
> +			if (getcwd(dir, sizeof(dir)) == NULL)
> +				return -1;
> +			os_snprintf(fname, sizeof(fname), "%s/osu-ca.pem", dir);
> +			ctx->ca_fname = strdup(fname); /* so lib curl can use it. */

What does that "so lib curl can use it" mean here? Use for what and why?
The golden certificates from osu-ca.pem are used for authenticating the
AAA server for OSEN. What would curl do with those trust roots?

> +		fname[sizeof(fname) - 1] = 0; /* ensure null termination */
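
Review bot: the strncpy() of ctx->ca_fname into fname silently truncates a configured path longer than sizeof(fname) - 1 bytes, and the forced termination on the last added line hides that, so a path other than the configured one would be handed on as the OSEN trust root file. Treat overflow as an error instead; os_strlcpy() returns the length of the source string, so `if (os_strlcpy(fname, ctx->ca_fname, sizeof(fname)) >= sizeof(fname)) return -1;` covers both termination and the truncation check. In the else branch, the strdup() result is stored in ctx->ca_fname without a NULL check, and nothing in the visible lines frees it or shows who owns the pointer afterwards; use os_strdup(), handle allocation failure, and document where ctx->ca_fname is released.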

os_strlcpy() above would do that..

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap


