endif
endif
+if USE_EAP_TLS
+ SUBDIRS += plugins/eap_tls
+ PLUGINS += eap-tls
+if MONOLITHIC
+ libcharon_la_LIBADD += plugins/eap_tls/libstrongswan-eap-tls.la
+endif
+endif
+
if USE_MEDSRV
SUBDIRS += plugins/medsrv
PLUGINS += medsrv
-INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon
+INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \
+ -I$(top_srcdir)/src/libcharon
AM_CFLAGS = -rdynamic
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-eap-tls.la
+else
plugin_LTLIBRARIES = libstrongswan-eap-tls.la
+endif
libstrongswan_eap_tls_la_SOURCES = eap_tls_plugin.h eap_tls_plugin.c \
eap_tls.h eap_tls.c tls/tls.h tls/tls.c \
/*
* see header file
*/
-plugin_t *plugin_create()
+plugin_t *eap_tls_plugin_create()
{
eap_tls_plugin_t *this;
/**
* Create a eap_tls_plugin instance.
*/
-plugin_t *plugin_create();
+plugin_t *eap_tls_plugin_create();
#endif /** EAP_TLS_PLUGIN_H_ @}*/
return FAILED;
}
id = identification_create_from_encoding(ID_DER_ASN1_DN, data);
- cert = charon->credentials->get_cert(charon->credentials,
- CERT_X509, KEY_ANY, id, TRUE);
+ cert = lib->credmgr->get_cert(lib->credmgr,
+ CERT_X509, KEY_ANY, id, TRUE);
if (cert)
{
DBG1(DBG_IKE, "received cert request for '%Y", id);
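Review bot: The log message on the context line immediately after the new `lib->credmgr->get_cert()` call, `DBG1(DBG_IKE, "received cert request for '%Y", id);`, is missing the closing quote after `%Y`, so the identity is printed with an opening quote only, unlike the other `'%Y'` messages in this commit. Since this lookup is being reworked anyway, changing it to `DBG1(DBG_IKE, "received cert request for '%Y'", id);` would keep the log output consistent with the "sending TLS ... certificate '%Y'" messages. The new get_cert() call is a like-for-like replacement of the charon->credentials lookup and the existing `if (cert)` guard still covers the no-match case; the enclosing function starts and ends outside the hunk.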
tls_writer_t *certs;
chunk_t data;
- this->private = charon->credentials->get_private(charon->credentials,
+ this->private = lib->credmgr->get_private(lib->credmgr,
KEY_ANY, this->peer, this->peer_auth);
if (!this->private)
{
cert = this->peer_auth->get(this->peer_auth, AUTH_RULE_SUBJECT_CERT);
if (cert)
{
- DBG1(DBG_IKE, "sending TLS peer certificate '%Y'",
- cert->get_subject(cert));
- data = cert->get_encoding(cert);
- certs->write_data24(certs, data);
- free(data.ptr);
+ if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
+ {
+ DBG1(DBG_IKE, "sending TLS peer certificate '%Y'",
+ cert->get_subject(cert));
+ certs->write_data24(certs, data);
+ free(data.ptr);
+ }
}
enumerator = this->peer_auth->create_enumerator(this->peer_auth);
while (enumerator->enumerate(enumerator, &rule, &cert))
{
if (rule == AUTH_RULE_IM_CERT)
{
- DBG1(DBG_IKE, "sending TLS intermediate certificate '%Y'",
- cert->get_subject(cert));
- data = cert->get_encoding(cert);
- certs->write_data24(certs, data);
- free(data.ptr);
+ if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
+ {
+ DBG1(DBG_IKE, "sending TLS intermediate certificate '%Y'",
+ cert->get_subject(cert));
+ certs->write_data24(certs, data);
+ free(data.ptr);
+ }
}
}
enumerator->destroy(enumerator);
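Review bot: When the new `cert->get_encoding(cert, CERT_ASN1_DER, &data)` check fails, the subject certificate is silently left out of the Certificate message and the handshake carries on with nothing written to `certs` — there is no log line and no error path, which makes an unencodable or misconfigured certificate hard to diagnose from either side. The same silent drop is repeated for the intermediate certificates further down in this hunk and in both branches of the corresponding server-side hunk (the one with the "sending TLS server certificate" message, ending at its own `enumerator->destroy(enumerator);`). At minimum add an else branch such as `else { DBG1(DBG_IKE, "encoding TLS peer certificate failed"); }` (with the matching wording for the intermediate and server cases); whether the function should instead return a failure status depends on its return type, which is outside the hunk, as is the rest of the function body.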
chunk_from_thing(this->client_random),
chunk_from_thing(this->server_random));
- enumerator = charon->credentials->create_public_enumerator(
- charon->credentials, KEY_ANY, this->server, this->server_auth);
+ enumerator = lib->credmgr->create_public_enumerator(lib->credmgr,
+ KEY_ANY, this->server, this->server_auth);
while (enumerator->enumerate(enumerator, ¤t, &auth))
{
public = current->get_ref(current);
auth_cfg_t *auth;
tls_reader_t *sig;
- enumerator = charon->credentials->create_public_enumerator(
- charon->credentials, KEY_ANY, this->peer, this->peer_auth);
+ enumerator = lib->credmgr->create_public_enumerator(lib->credmgr,
+ KEY_ANY, this->peer, this->peer_auth);
while (enumerator->enumerate(enumerator, &public, &auth))
{
sig = tls_reader_create(reader->peek(reader));
tls_writer_t *certs;
chunk_t data;
- this->private = charon->credentials->get_private(charon->credentials,
+ this->private = lib->credmgr->get_private(lib->credmgr,
KEY_ANY, this->server, this->server_auth);
if (!this->private)
{
cert = this->server_auth->get(this->server_auth, AUTH_RULE_SUBJECT_CERT);
if (cert)
{
- DBG1(DBG_IKE, "sending TLS server certificate '%Y'",
- cert->get_subject(cert));
- data = cert->get_encoding(cert);
- certs->write_data24(certs, data);
- free(data.ptr);
+ if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
+ {
+ DBG1(DBG_IKE, "sending TLS server certificate '%Y'",
+ cert->get_subject(cert));
+ certs->write_data24(certs, data);
+ free(data.ptr);
+ }
}
enumerator = this->server_auth->create_enumerator(this->server_auth);
while (enumerator->enumerate(enumerator, &rule, &cert))
{
if (rule == AUTH_RULE_IM_CERT)
{
- DBG1(DBG_IKE, "sending TLS intermediate certificate '%Y'",
- cert->get_subject(cert));
- data = cert->get_encoding(cert);
- certs->write_data24(certs, data);
- free(data.ptr);
+ if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
+ {
+ DBG1(DBG_IKE, "sending TLS intermediate certificate '%Y'",
+ cert->get_subject(cert));
+ certs->write_data24(certs, data);
+ free(data.ptr);
+ }
}
}
enumerator->destroy(enumerator);
}
authorities = tls_writer_create(64);
- enumerator = charon->credentials->create_cert_enumerator(
- charon->credentials, CERT_X509, KEY_RSA, NULL, TRUE);
+ enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr,
+ CERT_X509, KEY_RSA, NULL, TRUE);
while (enumerator->enumerate(enumerator, &cert))
{
id = cert->get_subject(cert);
"MD5",
"OTP",
"GTC");
-ENUM_NEXT(eap_type_short_names, EAP_SIM, EAP_SIM, EAP_GTC,
+ENUM_NEXT(eap_type_short_names, EAP_TLS, EAP_TLS, EAP_GTC,
+ "TLS");
+ENUM_NEXT(eap_type_short_names, EAP_SIM, EAP_SIM, EAP_TLS,
"SIM");
ENUM_NEXT(eap_type_short_names, EAP_AKA, EAP_AKA, EAP_SIM,
"AKA");
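Review bot: Inserting EAP_TLS into the `eap_type_short_names` chain relies on two things that are not visible in this hunk: `EAP_TLS` being declared in the `eap_type_t` enum with a value between EAP_GTC and EAP_SIM, and the long-name table (`eap_type_names`, presumably built with the same ENUM_NEXT chain) receiving the same `EAP_TLS` entry with the EAP_SIM entry's `prev` argument moved from EAP_GTC to EAP_TLS. If either was not updated in this commit the ENUM_NEXT chain would no longer cover the enum contiguously and name lookups for EAP_SIM and later types could return the wrong string. The hunk itself chains `EAP_TLS` after `EAP_GTC` and `EAP_SIM` after `EAP_TLS` correctly, so this is only a consistency check against the parts of the change outside this hunk.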