aboutsummaryrefslogtreecommitdiffstats
path: root/hostapd/config_file.c
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2019-07-12 15:11:53 (GMT)
committerJouni Malinen <j@w1.fi>2019-07-12 15:13:10 (GMT)
commite2722bf81db3463b698e61908a5e9380184ce13d (patch)
treef10faa85b7670159a66a3fb2315b295f35dd4fb0 /hostapd/config_file.c
parent857edf4bf43e8e9e5e2a42cb0d2789f96f4becfa (diff)
downloadhostap-e2722bf81db3463b698e61908a5e9380184ce13d.zip
hostap-e2722bf81db3463b698e61908a5e9380184ce13d.tar.gz
hostap-e2722bf81db3463b698e61908a5e9380184ce13d.tar.bz2
OpenSSL: Allow two server certificates/keys to be configured on server
hostapd EAP server can now be configured with two separate server certificates/keys to enable parallel operations using both RSA and ECC public keys. The server will pick which one to use based on the client preferences for the cipher suite (in the TLS ClientHello message). It should be noted that number of deployed EAP peer implementations do not filter out the cipher suite list based on their local configuration and as such, configuration of alternative types of certificates on the server may result in interoperability issues. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'hostapd/config_file.c')
-rw-r--r--hostapd/config_file.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 3a29438..df41f14 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2589,12 +2589,21 @@ static int hostapd_config_fill(struct hostapd_config *conf,
} else if (os_strcmp(buf, "server_cert") == 0) {
os_free(bss->server_cert);
bss->server_cert = os_strdup(pos);
+ } else if (os_strcmp(buf, "server_cert2") == 0) {
+ os_free(bss->server_cert2);
+ bss->server_cert2 = os_strdup(pos);
} else if (os_strcmp(buf, "private_key") == 0) {
os_free(bss->private_key);
bss->private_key = os_strdup(pos);
+ } else if (os_strcmp(buf, "private_key2") == 0) {
+ os_free(bss->private_key2);
+ bss->private_key2 = os_strdup(pos);
} else if (os_strcmp(buf, "private_key_passwd") == 0) {
os_free(bss->private_key_passwd);
bss->private_key_passwd = os_strdup(pos);
+ } else if (os_strcmp(buf, "private_key_passwd2") == 0) {
+ os_free(bss->private_key_passwd2);
+ bss->private_key_passwd2 = os_strdup(pos);
} else if (os_strcmp(buf, "check_cert_subject") == 0) {
if (!pos[0]) {
wpa_printf(MSG_ERROR, "Line %d: unknown check_cert_subject '%s'",