author | Jouni Malinen <j@w1.fi> | 2014-10-12 08:53:51 (GMT) |
---|---|---|
committer | Jouni Malinen <j@w1.fi> | 2014-10-12 08:55:13 (GMT) |
commit | 07e2de3193b0a10d1e0a6d0343698b740b279047 (patch) | |
tree | cc09567d2ae5d3b112c80e7f737fe3ff37e67647 /src/eapol_supp | |
parent | f8995f8f1cbed905cd222c056270fea94a9a61c6 (diff) | |
wpa_supplicant: Allow OpenSSL cipherlist string to be configured
The new openssl_cipher configuration parameter can be used to select
which TLS cipher suites are enabled for TLS-based EAP methods when
OpenSSL is used as the TLS library. This parameter can be used both as a
global parameter to set the default for all network blocks and as a
network block parameter to override the default for each network
profile.
Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eapol_supp')
-rw-r--r-- | src/eapol_supp/eapol_supp_sm.c | 1 | ||||
-rw-r--r-- | src/eapol_supp/eapol_supp_sm.h | 9 |
2 files changed, 10 insertions, 0 deletions
diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c index 70258be..ef8d6ee 100644 --- a/src/eapol_supp/eapol_supp_sm.c +++ b/src/eapol_supp/eapol_supp_sm.c @@ -2026,6 +2026,7 @@ struct eapol_sm *eapol_sm_init(struct eapol_ctx *ctx) conf.opensc_engine_path = ctx->opensc_engine_path; conf.pkcs11_engine_path = ctx->pkcs11_engine_path; conf.pkcs11_module_path = ctx->pkcs11_module_path; + conf.openssl_ciphers = ctx->openssl_ciphers; conf.wps = ctx->wps; conf.cert_in_cb = ctx->cert_in_cb; diff --git a/src/eapol_supp/eapol_supp_sm.h b/src/eapol_supp/eapol_supp_sm.h index 5b37314..2a79052 100644 --- a/src/eapol_supp/eapol_supp_sm.h +++ b/src/eapol_supp/eapol_supp_sm.h @@ -210,6 +210,15 @@ struct eapol_ctx { const char *pkcs11_module_path; /** + * openssl_ciphers - OpenSSL cipher string + * + * This is an OpenSSL specific configuration option for configuring the + * default ciphers. If not set, "DEFAULT:!EXP:!LOW" is used as the + * default. + */ + const char *openssl_ciphers; + + /** * wps - WPS context data * * This is only used by EAP-WSC and can be left %NULL if not available. |
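Review bot: in eapol_sm_init() the added line `conf.openssl_ciphers = ctx->openssl_ciphers;` copies only the pointer, so the string is borrowed from the caller and nothing in this hunk or in the new struct eapol_ctx comment says how long it has to stay valid. Please document the ownership expectation next to the field (for example, that the caller keeps the string allocated for as long as the state machine may use it), the same assumption the neighbouring pkcs11_engine_path and pkcs11_module_path assignments rely on. It would also help to say here or in the header which layer applies the per-network override that the commit message describes, since this assignment only carries the value held in the context.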
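Review bot: the new comment for openssl_ciphers in struct eapol_ctx says "If not set" without stating that unset means %NULL, which is the convention the wps comment directly below it uses ("can be left %NULL if not available"). Please spell that out, and also state whether a configured string replaces "DEFAULT:!EXP:!LOW" outright. If it does, the !EXP and !LOW exclusions no longer apply unless the configured string repeats them, and that is worth one sentence in the comment because it decides whether export-grade and low-strength suites can be re-enabled through this option. Minor: the commit message calls the parameter openssl_cipher while the field added here is openssl_ciphers; one spelling throughout would avoid confusion for people writing configuration files.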