authorJouni Malinen <j@w1.fi>2015-11-29 17:48:17 (GMT)
committerJouni Malinen <j@w1.fi>2015-11-29 17:48:17 (GMT)
commit0cbc22b2eb37713e5f8e63783ce7f87fee8272bd (patch)
treefde9d229468896ffb880bb2de25efc86de05ce08 /src/tls
parent20804fe8448df81a875e0b62d3ee01e696caa90a (diff)
TLS client: Use TLS_CONN_* flags
This makes it simpler to add support for new TLS_CONN_* flags without having to add a new configuration function for each flag. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/tls')
-rw-r--r--src/tls/tlsv1_client.c9
-rw-r--r--src/tls/tlsv1_client.h2
-rw-r--r--src/tls/tlsv1_client_i.h3
-rw-r--r--src/tls/tlsv1_client_read.c6
4 files changed, 13 insertions, 7 deletions
diff --git a/src/tls/tlsv1_client.c b/src/tls/tlsv1_client.c
index 26f055c..846d293 100644
--- a/src/tls/tlsv1_client.c
+++ b/src/tls/tlsv1_client.c
@@ -811,9 +811,14 @@ int tlsv1_client_set_cred(struct tlsv1_client *conn,
}
-void tlsv1_client_set_time_checks(struct tlsv1_client *conn, int enabled)
+/**
+ * tlsv1_client_set_flags - Set connection flags
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ * @flags: TLS_CONN_* bitfield
+ */
+void tlsv1_client_set_flags(struct tlsv1_client *conn, unsigned int flags)
{
- conn->disable_time_checks = !enabled;
+ conn->flags = flags;
}
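Review bot: tlsv1_client_set_flags() stores whatever bitfield it is handed, and the new doc comment does not say which TLS_CONN_* bits this client actually acts on. In the hunks shown here only TLS_CONN_DISABLE_TIME_CHECKS is ever read, so a caller that sets a bit meant to tighten validation (TLS_CONN_REQUIRE_OCSP would be one, if this tree's tls.h defines it) gets no error and, as far as this diff shows, no enforcement. The assignment also replaces earlier flags instead of OR-ing them in, and the sense is inverted relative to the removed tlsv1_client_set_time_checks(conn, enabled), so converted callers outside src/tls need checking. I would extend the comment with ` * Replaces any previously set flags. Bits that this TLS client does not implement are stored but have no effect.`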
diff --git a/src/tls/tlsv1_client.h b/src/tls/tlsv1_client.h
index 95bd545..40fa6c7 100644
--- a/src/tls/tlsv1_client.h
+++ b/src/tls/tlsv1_client.h
@@ -41,7 +41,7 @@ int tlsv1_client_get_keyblock_size(struct tlsv1_client *conn);
int tlsv1_client_set_cipher_list(struct tlsv1_client *conn, u8 *ciphers);
int tlsv1_client_set_cred(struct tlsv1_client *conn,
struct tlsv1_credentials *cred);
-void tlsv1_client_set_time_checks(struct tlsv1_client *conn, int enabled);
+void tlsv1_client_set_flags(struct tlsv1_client *conn, unsigned int flags);
typedef int (*tlsv1_client_session_ticket_cb)
(void *ctx, const u8 *ticket, size_t len, const u8 *client_random,
diff --git a/src/tls/tlsv1_client_i.h b/src/tls/tlsv1_client_i.h
index 1c517a8..6c4dbc7 100644
--- a/src/tls/tlsv1_client_i.h
+++ b/src/tls/tlsv1_client_i.h
@@ -29,11 +29,12 @@ struct tlsv1_client {
u8 alert_level;
u8 alert_description;
+ unsigned int flags; /* TLS_CONN_* bitfield */
+
unsigned int certificate_requested:1;
unsigned int session_resumed:1;
unsigned int session_ticket_included:1;
unsigned int use_session_ticket:1;
- unsigned int disable_time_checks:1;
unsigned int cert_in_cb:1;
struct crypto_public_key *server_rsa_key;
diff --git a/src/tls/tlsv1_client_read.c b/src/tls/tlsv1_client_read.c
index a2cd478..217c29b 100644
--- a/src/tls/tlsv1_client_read.c
+++ b/src/tls/tlsv1_client_read.c
@@ -463,9 +463,9 @@ static int tls_process_certificate(struct tlsv1_client *conn, u8 ct,
x509_certificate_chain_free(chain);
return -1;
} else if (conn->cred && conn->cred->ca_cert_verify &&
- x509_certificate_chain_validate(conn->cred->trusted_certs,
- chain, &reason,
- conn->disable_time_checks)
+ x509_certificate_chain_validate(
+ conn->cred->trusted_certs, chain, &reason,
+ !!(conn->flags & TLS_CONN_DISABLE_TIME_CHECKS))
< 0) {
int tls_reason;
wpa_printf(MSG_DEBUG, "TLSv1: Server certificate chain "
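Review bot: Nothing in the visible lines of this branch records that the chain was validated with time checks switched off, so an accepted expired or not-yet-valid server certificate looks the same in the debug log as a normally validated one. The decision is now one bit in conn->flags that any caller of tlsv1_client_set_flags() can set. A line such as `wpa_printf(MSG_DEBUG, "TLSv1: Certificate validity time checks disabled");` guarded by `if (conn->flags & TLS_CONN_DISABLE_TIME_CHECKS)` ahead of the validation call would make that state visible to anyone auditing a connection. tls_process_certificate() starts and ends outside this hunk, so the exact placement has to be chosen against the full function.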