sta_set_security: Add ServerCert parameter
This new parameter can be used to configure a specific server
certificate for the network profile. The certificate is identified by the
SHA256 hash of its DER encoding, and that hash is read from a file on the
station.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
diff --git a/sta.c b/sta.c
index 9e78eb3..3033c5b 100644
--- a/sta.c
+++ b/sta.c
@@ -2166,7 +2166,7 @@
{
const char *val, *alg, *akm;
int id;
- char buf[200];
+ char buf[200], buf2[300];
#ifdef ANDROID
unsigned char kvalue[KEYSTORE_MESSAGE_SIZE];
int length;
@@ -2267,6 +2267,33 @@
return -2;
}
+ val = get_param(cmd, "ServerCert");
+ if (val) {
+ FILE *f;
+ char *result = NULL, *pos;
+
+ snprintf(buf, sizeof(buf), "%s/%s.sha256", sigma_cert_path,
+ val);
+ f = fopen(buf, "r");
+ if (f) {
+ result = fgets(buf, sizeof(buf), f);
+ fclose(f);
+ }
+ if (!result) {
+ snprintf(buf2, sizeof(buf2),
+ "ErrorCode,ServerCert hash could not be read from %s",
+ buf);
+ send_resp(dut, conn, SIGMA_ERROR, buf2);
+ return STATUS_SENT_ERROR;
+ }
+ pos = strchr(buf, '\n');
+ if (pos)
+ *pos = '\0';
+ snprintf(buf2, sizeof(buf2), "hash://server/sha256/%s", buf);
+ if (set_network_quoted(ifname, id, "ca_cert", buf2) < 0)
+ return ERROR_SEND_STATUS;
+ }
+
val = get_param(cmd, "Domain");
if (val && set_network_quoted(ifname, id, "domain_match", val) < 0)
return ERROR_SEND_STATUS;
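Review bot: The ServerCert value goes into the path `%s/%s.sha256` with no check, so a value containing `/` or `..` makes fopen() read a file outside sigma_cert_path, and the attempted path is echoed back in the error response. Rejecting such values before the first snprintf() would close this, e.g. `if (strchr(val, '/') || strstr(val, "..")) { send_resp(dut, conn, SIGMA_ERROR, "ErrorCode,Invalid ServerCert value"); return STATUS_SENT_ERROR; }`. The line read from the file then becomes the trust anchor in `hash://server/sha256/%s` without confirming it is exactly 64 hex digits; a trailing `\r`, a short or truncated line, or a stray quote character would reach set_network_quoted() unchecked. The enclosing function starts and ends outside this hunk.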