aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls/tlsv1_server.h
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2014-03-01 22:43:59 (GMT)
committerJouni Malinen <j@w1.fi>2014-03-09 16:47:09 (GMT)
commit390b92913a9a1b3a6aaf70e8b5971a7b7c76cabc (patch)
treef1133b51bd4457347248a0e126fa43dcbbe18d1d /src/tls/tlsv1_server.h
parent994afe3390695400ea63df5533c1dd9d8c2ccbd4 (diff)
downloadhostap-390b92913a9a1b3a6aaf70e8b5971a7b7c76cabc.zip
hostap-390b92913a9a1b3a6aaf70e8b5971a7b7c76cabc.tar.gz
hostap-390b92913a9a1b3a6aaf70e8b5971a7b7c76cabc.tar.bz2
TLS testing: Allow hostapd to be used as a TLS testing tool
The internal TLS server implementation and RADIUS server implementation in hostapd can be configured to allow EAP clients to be tested to perform TLS validation steps correctly. This functionality is not included in the default build; CONFIG_TESTING_OPTIONS=y in hostapd/.config can be used to enable this. When enabled, the RADIUS server will configure special TLS test modes based on the received User-Name attribute value in this format: <user>@test-tls-<id>.<rest-of-realm>. For example, anonymous@test-tls-1.example.com. When this special format is used, TLS test modes are enabled. For other cases, the RADIUS server works normally. The following TLS test cases are enabled in this commit: 1 - break verify_data in the server Finished message 2 - break signed_params hash in ServerKeyExchange 3 - break Signature in ServerKeyExchange Correctly behaving TLS client must abort connection if any of these failures is detected and as such, shall not transmit continue the session. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/tls/tlsv1_server.h')
-rw-r--r--src/tls/tlsv1_server.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/tls/tlsv1_server.h b/src/tls/tlsv1_server.h
index b20ff1a..b2b28d1 100644
--- a/src/tls/tlsv1_server.h
+++ b/src/tls/tlsv1_server.h
@@ -48,4 +48,6 @@ void tlsv1_server_set_session_ticket_cb(struct tlsv1_server *conn,
void tlsv1_server_set_log_cb(struct tlsv1_server *conn,
void (*cb)(void *ctx, const char *msg), void *ctx);
+void tlsv1_server_set_test_flags(struct tlsv1_server *conn, u32 flags);
+
#endif /* TLSV1_SERVER_H */