authorJouni Malinen <j@w1.fi>2015-08-23 18:11:01 (GMT)
committerJouni Malinen <j@w1.fi>2015-08-23 23:29:29 (GMT)
commitbfbebd266587aea00ed83d9b21851a93ae243a24 (patch)
tree1d2858e30ced708da143325776ef4d2f23c35a86
parentbd9b8b2b68109d3142fcd8fff475634cef35092a (diff)
TLS: Add new arguments to tls_connection_set_verify()
The new flags and session_ctx arguments will be used in follow-up commits.

Signed-off-by: Jouni Malinen <j@w1.fi>
-rw-r--r--src/crypto/tls.h8
-rw-r--r--src/crypto/tls_gnutls.c3
-rw-r--r--src/crypto/tls_internal.c3
-rw-r--r--src/crypto/tls_none.c3
-rw-r--r--src/crypto/tls_openssl.c3
-rw-r--r--src/eap_server/eap_server_tls_common.c5
6 files changed, 19 insertions, 6 deletions
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index 5f1fcf2..31c4e36 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -305,11 +305,17 @@ int __must_check tls_global_set_verify(void *tls_ctx, int check_crl);
* @tls_ctx: TLS context data from tls_init()
* @conn: Connection context data from tls_connection_init()
* @verify_peer: 1 = verify peer certificate
+ * @flags: Connection flags (TLS_CONN_*)
+ * @session_ctx: Session caching context or %NULL to use default
+ * @session_ctx_len: Length of @session_ctx in bytes.
* Returns: 0 on success, -1 on failure
*/
int __must_check tls_connection_set_verify(void *tls_ctx,
struct tls_connection *conn,
- int verify_peer);
+ int verify_peer,
+ unsigned int flags,
+ const u8 *session_ctx,
+ size_t session_ctx_len);
/**
* tls_connection_get_random - Get random data from TLS connection
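Review bot: The new doc lines for @session_ctx and @session_ctx_len do not state how the two relate, so an implementer cannot tell whether a non-NULL @session_ctx with length 0, or a NULL @session_ctx with a non-zero length, is a valid call or must be rejected. The only caller in this commit (eap_server_tls_ssl_init) passes `NULL, 0`, which suggests the pair travels together, but the header should say so rather than leave it to the backends. I would extend the line to ` * @session_ctx_len: Length of @session_ctx in bytes (0 when @session_ctx is %NULL)` and add a sentence to the description noting that backends which do not implement these arguments should document whether they ignore them or fail. Since each backend returns -1 on its own conditions, the "Returns" line could also mention that unsupported @flags are expected to yield -1 once the flags are defined.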
diff --git a/src/crypto/tls_gnutls.c b/src/crypto/tls_gnutls.c
index b53ec48..3c39e54 100644
--- a/src/crypto/tls_gnutls.c
+++ b/src/crypto/tls_gnutls.c
@@ -708,7 +708,8 @@ int tls_global_set_verify(void *ssl_ctx, int check_crl)
int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
- int verify_peer)
+ int verify_peer, unsigned int flags,
+ const u8 *session_ctx, size_t session_ctx_len)
{
if (conn == NULL || conn->session == NULL)
return -1;
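Review bot: The three new parameters (flags, session_ctx, session_ctx_len) are added to tls_connection_set_verify() here but nothing in the visible part of the body references them, and the same holds for the tls_internal.c and tls_openssl.c hunks. The body continues past the hunk, so they may be read further down; if not, a caller that passes a non-NULL session_ctx or non-zero flags currently gets neither an error nor any effect, which the commit message defers to follow-up commits. Until those land, a one-line comment at the top of each body, `/* flags and session_ctx are not yet used by this backend */`, keeps that visible to readers, and `(void) flags; (void) session_ctx; (void) session_ctx_len;` would silence -Wunused-parameter if the build enables it.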
diff --git a/src/crypto/tls_internal.c b/src/crypto/tls_internal.c
index df44f0a..79f14a3 100644
--- a/src/crypto/tls_internal.c
+++ b/src/crypto/tls_internal.c
@@ -328,7 +328,8 @@ int tls_global_set_verify(void *tls_ctx, int check_crl)
int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
- int verify_peer)
+ int verify_peer, unsigned int flags,
+ const u8 *session_ctx, size_t session_ctx_len)
{
#ifdef CONFIG_TLS_INTERNAL_SERVER
if (conn->server)
diff --git a/src/crypto/tls_none.c b/src/crypto/tls_none.c
index 3474302..1f8c9b4 100644
--- a/src/crypto/tls_none.c
+++ b/src/crypto/tls_none.c
@@ -72,7 +72,8 @@ int tls_global_set_verify(void *tls_ctx, int check_crl)
int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
- int verify_peer)
+ int verify_peer, unsigned int flags,
+ const u8 *session_ctx, size_t session_ctx_len)
{
return -1;
}
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 8b84171..10201d6 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1944,7 +1944,8 @@ static int tls_connection_set_subject_match(struct tls_connection *conn,
int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
- int verify_peer)
+ int verify_peer, unsigned int flags,
+ const u8 *session_ctx, size_t session_ctx_len)
{
static int counter = 0;
diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
index 3fc7cdc..ce3bda3 100644
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -46,6 +46,8 @@ static void eap_server_tls_log_cb(void *ctx, const char *msg)
int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
int verify_peer)
{
+ unsigned int flags = 0;
+
if (sm->ssl_ctx == NULL) {
wpa_printf(MSG_ERROR, "TLS context not initialized - cannot use TLS-based EAP method");
return -1;
@@ -68,7 +70,8 @@ int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
#endif /* CONFIG_TESTING_OPTIONS */
#endif /* CONFIG_TLS_INTERNAL */
- if (tls_connection_set_verify(sm->ssl_ctx, data->conn, verify_peer)) {
+ if (tls_connection_set_verify(sm->ssl_ctx, data->conn, verify_peer,
+ flags, NULL, 0)) {
wpa_printf(MSG_INFO, "SSL: Failed to configure verification "
"of TLS peer certificate");
tls_connection_deinit(sm->ssl_ctx, data->conn);
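Review bot: `flags` is initialized to 0 at the top of eap_server_tls_ssl_init() in the first hunk and, within the two visible hunks, is never assigned before it is passed to tls_connection_set_verify() in the second; the lines between the hunks are not shown, so it may be set there, but if it is not, the variable reads as dead in this commit. Either pass `0` directly at the call, or make the intent explicit at the declaration with `unsigned int flags = 0; /* TLS_CONN_* flags; none set by the server side yet */`. The enclosing function continues past the end of the second hunk.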