authorJouni Malinen <j@w1.fi>2014-10-12 08:53:51 (GMT)
committerJouni Malinen <j@w1.fi>2014-10-12 08:55:13 (GMT)
commit07e2de3193b0a10d1e0a6d0343698b740b279047 (patch)
treecc09567d2ae5d3b112c80e7f737fe3ff37e67647 /src/eapol_supp
parentf8995f8f1cbed905cd222c056270fea94a9a61c6 (diff)
wpa_supplicant: Allow OpenSSL cipherlist string to be configured
The new openssl_cipher configuration parameter can be used to select which TLS cipher suites are enabled for TLS-based EAP methods when OpenSSL is used as the TLS library. This parameter can be used both as a global parameter to set the default for all network blocks and as a network block parameter to override the default for each network profile. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eapol_supp')
-rw-r--r--src/eapol_supp/eapol_supp_sm.c1
-rw-r--r--src/eapol_supp/eapol_supp_sm.h9
2 files changed, 10 insertions, 0 deletions
diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index 70258be..ef8d6ee 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -2026,6 +2026,7 @@ struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx)
conf.opensc_engine_path = ctx->opensc_engine_path;
conf.pkcs11_engine_path = ctx->pkcs11_engine_path;
conf.pkcs11_module_path = ctx->pkcs11_module_path;
+ conf.openssl_ciphers = ctx->openssl_ciphers;
conf.wps = ctx->wps;
conf.cert_in_cb = ctx->cert_in_cb;
diff --git a/src/eapol_supp/eapol_supp_sm.h b/src/eapol_supp/eapol_supp_sm.h
index 5b37314..2a79052 100644
--- a/src/eapol_supp/eapol_supp_sm.h
+++ b/src/eapol_supp/eapol_supp_sm.h
@@ -210,6 +210,15 @@ struct eapol_ctx {
const char *pkcs11_module_path;
/**
+ * openssl_ciphers - OpenSSL cipher string
+ *
+ * This is an OpenSSL specific configuration option for configuring the
+ * default ciphers. If not set, "DEFAULT:!EXP:!LOW" is used as the
+ * default.
+ */
+ const char *openssl_ciphers;
+
+ /**
* wps - WPS context data
*
* This is only used by EAP-WSC and can be left %NULL if not available.
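Review bot: The new comment on `openssl_ciphers` in struct eapol_ctx does not say whether the field may be %NULL or who owns the string, although the neighbouring `wps` comment spells out the %NULL case. The eapol_sm_init() hunk in eapol_supp_sm.c stores the pointer without copying it (`conf.openssl_ciphers = ctx->openssl_ciphers;`), so the caller presumably has to keep the string valid for as long as the state machine uses it. Going by the wording "If not set", a configured string appears to replace "DEFAULT:!EXP:!LOW" rather than extend it, so the export and low-strength exclusions are lost unless the string repeats them; no validation of the value is visible in these hunks. I would add something like `* Can be left %NULL to use the default; a non-%NULL string must remain valid while in use and replaces the default, including its !EXP:!LOW exclusions.` The struct definition continues outside the hunk.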