path: root/src/tls/tlsv1_cred.c
Commit message | Author | Age | Files | Lines
* TLS server: OCSP stapling with ocsp_multi option (RFC 6961) | Jouni Malinen | 2015-12-22 | 1 | -0/+1
  This allows hostapd with the internal TLS server implementation to support the extended OCSP stapling mechanism with multiple responses (ocsp_stapling_response_multi).
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* TLS server: OCSP stapling | Jouni Malinen | 2015-12-22 | 1 | -0/+1
  This adds support for hostapd-as-authentication-server to be built with the internal TLS implementation and OCSP stapling server side support. This is more or less identical to the design used with OpenSSL, i.e., the cached response is read from the ocsp_stapling_response=<file> and sent as a response if the client requests it during the TLS handshake.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* TLS: Add minimal support for PKCS #12 | Jouni Malinen | 2015-12-14 | 1 | -1/+737
  This allows the internal TLS implementation to parse a private key and a certificate from a PKCS #12 file protected with pbeWithSHAAnd3-KeyTripleDES-CBC.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS client: Add support for server certificate probing | Jouni Malinen | 2015-11-29 | 1 | -0/+7
  The internal TLS client implementation can now be used with ca_cert="probe://" to probe the server certificate chain. This is also adding the related CTRL-EVENT-EAP-TLS-CERT-ERROR and CTRL-EVENT-EAP-PEER-CERT events.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS client: Add support for validating server certificate hash | Pali Rohár | 2015-11-29 | 1 | -0/+28
  This commit adds support for "hash://server/sha256/cert_hash_in_hex" scheme in ca_cert property for the internal TLS implementation.
  Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
* TLS client: Do not verify CA certificates when ca_cert is not specified | Pali Rohár | 2015-11-29 | 1 | -0/+2
  In documentation is written: "If ca_cert and ca_path are not included, server certificate will not be verified". This is the case when wpa_supplicant is compiled with OpenSSL library, but when using the internal TLS implementation and some certificates in CA chain are in unsupported format (e.g., use SHA384 or SHA512 hash functions) then verification fails even if ca_cert property is not specified. This commit changes behavior so that certificate verification in internal TLS implementation is really skipped when ca_cert is not specified.
  Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
* Remove the GPL notification from files contributed by Jouni Malinen | Jouni Malinen | 2012-02-11 | 1 | -8/+2
  Remove the GPL notification text from the files that were initially contributed by myself.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* TLS: Add a debug information on unsupported private key format | Jouni Malinen | 2011-11-27 | 1 | -0/+7
  Provide easier to understand reason for failure to use the old OpenSSL encrypted private key format.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* TLS: Reorder certificates if needed when reading them | Jouni Malinen | 2011-08-04 | 1 | -3/+15
  The internal TLS implementation assumes that the certificate chain is ordered by issuer certificate following the certificate that it signed. Add the certificates to the chain in suitable order when loading multiple certificates.
* Remove src/crypto from default include path | Jouni Malinen | 2009-11-29 | 1 | -1/+1
  In addition, start ordering header file includes to be in more consistent order: system header files, src/utils, src/*, same directory as the *.c file.
* TLS: Replace set_key helpers to return key instead of status code | Jouni Malinen | 2009-10-17 | 1 | -19/+21
  The status code was not being used anyway, so it is simpler to just return the key as is done in crypto functions.
* Add support for PKCS #5 encrypted PKCS #8 keys with internal crypto | Jouni Malinen | 2009-10-17 | 1 | -5/+36
  Private keys can now be used in either unencrypted or encrypted PKCS #8 encoding. Only the pbeWithMD5AndDES-CBC algorithm (PKCS #5) is currently supported.
* Internal TLS: Add support for unencrypted PKCS#8 private keys in PEM | Jouni Malinen | 2009-10-16 | 1 | -7/+16
  Recognize the PEM header "BEGIN PRIVATE KEY" and base64-decode the data to be able to use PEM encoded, unencrypted PKCS#8 private keys with the internal TLS implementation. Previously, only DER encoding of the PKCS#8 private key was supported.
* Support PEM format RSA private key with internal TLS implementation | Jouni Malinen | 2009-08-16 | 1 | -0/+29
* Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release | Jouni Malinen | 2008-02-28 | 1 | -0/+422