author | Jouni Malinen <j@w1.fi> | 2015-11-29 17:48:17 (GMT) |
---|---|---|
committer | Jouni Malinen <j@w1.fi> | 2015-11-29 17:48:17 (GMT) |
commit | 0cbc22b2eb37713e5f8e63783ce7f87fee8272bd (patch) | |
tree | fde9d229468896ffb880bb2de25efc86de05ce08 /src/tls | |
parent | 20804fe8448df81a875e0b62d3ee01e696caa90a (diff) | |
TLS client: Use TLS_CONN_* flags
This makes it simpler to add support for new TLS_CONN_* flags without
having to add a new configuration function for each flag.
Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/tls')
-rw-r--r-- | src/tls/tlsv1_client.c | 9 | ||||
-rw-r--r-- | src/tls/tlsv1_client.h | 2 | ||||
-rw-r--r-- | src/tls/tlsv1_client_i.h | 3 | ||||
-rw-r--r-- | src/tls/tlsv1_client_read.c | 6 |
4 files changed, 13 insertions, 7 deletions
diff --git a/src/tls/tlsv1_client.c b/src/tls/tlsv1_client.c
index 26f055c..846d293 100644
--- a/src/tls/tlsv1_client.c
+++ b/src/tls/tlsv1_client.c
@@ -811,9 +811,14 @@ int tlsv1_client_set_cred(struct tlsv1_client *conn,
 }
-void tlsv1_client_set_time_checks(struct tlsv1_client *conn, int enabled)
+/**
+ * tlsv1_client_set_flags - Set connection flags
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ * @flags: TLS_CONN_* bitfield
+ */
+void tlsv1_client_set_flags(struct tlsv1_client *conn, unsigned int flags)
 {
- conn->disable_time_checks = !enabled;
+ conn->flags = flags;
 }
diff --git a/src/tls/tlsv1_client.h b/src/tls/tlsv1_client.h
index 95bd545..40fa6c7 100644
--- a/src/tls/tlsv1_client.h
+++ b/src/tls/tlsv1_client.h
@@ -41,7 +41,7 @@ int tlsv1_client_get_keyblock_size(struct tlsv1_client *conn);
 int tlsv1_client_set_cipher_list(struct tlsv1_client *conn, u8 *ciphers);
 int tlsv1_client_set_cred(struct tlsv1_client *conn,
 struct tlsv1_credentials *cred);
-void tlsv1_client_set_time_checks(struct tlsv1_client *conn, int enabled);
+void tlsv1_client_set_flags(struct tlsv1_client *conn, unsigned int flags);
 typedef int (*tlsv1_client_session_ticket_cb)
 (void *ctx, const u8 *ticket, size_t len, const u8 *client_random,
diff --git a/src/tls/tlsv1_client_i.h b/src/tls/tlsv1_client_i.h
index 1c517a8..6c4dbc7 100644
--- a/src/tls/tlsv1_client_i.h
+++ b/src/tls/tlsv1_client_i.h
@@ -29,11 +29,12 @@ struct tlsv1_client {
 u8 alert_level;
 u8 alert_description;
+ unsigned int flags; /* TLS_CONN_* bitfield */
+
 unsigned int certificate_requested:1;
 unsigned int session_resumed:1;
 unsigned int session_ticket_included:1;
 unsigned int use_session_ticket:1;
- unsigned int disable_time_checks:1;
 unsigned int cert_in_cb:1;
 struct crypto_public_key *server_rsa_key;
diff --git a/src/tls/tlsv1_client_read.c b/src/tls/tlsv1_client_read.c
index a2cd478..217c29b 100644
--- a/src/tls/tlsv1_client_read.c
+++ b/src/tls/tlsv1_client_read.c
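Review bot: In src/tls/tlsv1_client.c the new kernel-doc for tlsv1_client_set_flags() does not say that `conn->flags = flags;` replaces the whole flag word, so a later call clears whatever an earlier one set, and a caller that wants one bit must pass the full set. I would extend the comment with a line such as ` * The value replaces all previously set flags; TLS_CONN_DISABLE_TIME_CHECKS relaxes server certificate validation.` The argument's sense also flipped from `enabled` to a disable bit, and the callers are not part of this diff (the diffstat is limited to src/tls), so each converted call site needs checking that it sets the bit only where time checks were previously off.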
@@ -463,9 +463,9 @@ static int tls_process_certificate(struct tlsv1_client *conn, u8 ct,
 x509_certificate_chain_free(chain);
 return -1;
 } else if (conn->cred && conn->cred->ca_cert_verify &&
- x509_certificate_chain_validate(conn->cred->trusted_certs,
- chain, &reason,
- conn->disable_time_checks)
+ x509_certificate_chain_validate(
+ conn->cred->trusted_certs, chain, &reason,
+ !!(conn->flags & TLS_CONN_DISABLE_TIME_CHECKS))
 < 0) {
 int tls_reason;
 wpa_printf(MSG_DEBUG, "TLSv1: Server certificate chain " |
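Review bot: Nothing at the x509_certificate_chain_validate() call records that validity-period checking has been switched off, so when the TLS_CONN_DISABLE_TIME_CHECKS bit is set in `conn->flags` a certificate that would fail the time checks is accepted without any trace in the debug log. A short comment above the call, e.g. `/* TLS_CONN_DISABLE_TIME_CHECKS: chain validation skips certificate time checks */`, and a `wpa_printf(MSG_DEBUG, "TLSv1: Certificate time checks disabled");` when the bit is set would make the weakened validation visible to whoever reads the log. The hunk adds no include, so TLS_CONN_DISABLE_TIME_CHECKS is presumably already reachable through this file's existing headers; that is worth confirming. tls_process_certificate() starts and ends outside the hunk.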