TLS: Reject openssl_ciphers parameter in non-OpenSSL cases

This TLS configuration parameter is explicitly for OpenSSL. Instead of
ignoring it silently, reject any configuration trying to use it in
builds that use other options for TLS implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/crypto/tls_gnutls.c b/src/crypto/tls_gnutls.c
index 1eb4b66f2ef907d595c82ceae5451cd1191210d4..f5a26e7e783c0310b527b59c58c81aca382fadac 100644 (file)
--- a/src/crypto/tls_gnutls.c
+++ b/src/crypto/tls_gnutls.c
@@ -423,6 +423,11 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
                return -1;
        }
 
+       if (params->openssl_ciphers) {
+               wpa_printf(MSG_INFO, "GnuTLS: openssl_ciphers not supported");
+               return -1;
+       }
+
        /* TODO: gnutls_certificate_set_verify_flags(xcred, flags); 
         * to force peer validation(?) */
 

diff --git a/src/crypto/tls_internal.c b/src/crypto/tls_internal.c
index 233795176d83a9c15546e99507f1d662747423dc..6963309b7be0e71bc0b5f9ce75a795f2635cb2f7 100644 (file)
--- a/src/crypto/tls_internal.c
+++ b/src/crypto/tls_internal.c
@@ -205,6 +205,11 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
                return -1;
        }
 
+       if (params->openssl_ciphers) {
+               wpa_printf(MSG_INFO, "GnuTLS: openssl_ciphers not supported");
+               return -1;
+       }
+
        if (tlsv1_set_ca_cert(cred, params->ca_cert,
                              params->ca_cert_blob, params->ca_cert_blob_len,
                              params->ca_path)) {

diff --git a/src/crypto/tls_schannel.c b/src/crypto/tls_schannel.c
index e1d0f597fe2caf101b62437983db5be5c6c7464d..28cf71951b013bf685c646dede06245cf6eae3a1 100644 (file)
--- a/src/crypto/tls_schannel.c
+++ b/src/crypto/tls_schannel.c
@@ -707,6 +707,11 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
                return -1;
        }
 
+       if (params->openssl_ciphers) {
+               wpa_printf(MSG_INFO, "GnuTLS: openssl_ciphers not supported");
+               return -1;
+       }
+
        if (global->my_cert_store == NULL &&
            (global->my_cert_store = CertOpenSystemStore(0, TEXT("MY"))) ==
            NULL) {