tls: Support a null encryption flag on TLS socket abstraction
authorMartin Willi <martin@revosec.ch>
Tue, 25 Mar 2014 09:19:41 +0000 (10:19 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 1 Apr 2014 12:28:55 +0000 (14:28 +0200)
src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
src/libpttls/pt_tls_client.c
src/libpttls/pt_tls_server.c
src/libtls/tls_socket.c
src/libtls/tls_socket.h

index 5206ba4e7585744c375affbd90fb1734d1e0f8ee..af1b28adfc02911a085e637de2979a6e6f23430d 100644 (file)
@@ -876,7 +876,8 @@ static bool soap_init(private_tnc_ifmap_soap_t *this)
        }
 
        /* open TLS socket */
-       this->tls = tls_socket_create(FALSE, server_id, client_id, this->fd, NULL);
+       this->tls = tls_socket_create(FALSE, server_id, client_id, this->fd,
+                                                                 NULL, FALSE);
        if (!this->tls)
        {
                DBG1(DBG_TNC, "creating TLS socket failed");
@@ -923,4 +924,3 @@ tnc_ifmap_soap_t *tnc_ifmap_soap_create()
 
        return &this->public;
 }
-
index 01a84cd149bae999dd39330a506c628dda50e442..98a2f4b4738b8dfd29c350c3c4ff27fb5cde20bb 100644 (file)
@@ -84,7 +84,8 @@ static bool make_connection(private_pt_tls_client_t *this)
                return FALSE;
        }
 
-       this->tls = tls_socket_create(FALSE, this->server, this->client, fd, NULL);
+       this->tls = tls_socket_create(FALSE, this->server, this->client, fd,
+                                                                 NULL, FALSE);
        if (!this->tls)
        {
                close(fd);
index 9af00e7c262d63cf025b0bdcfb03e362b1e3cf32..3c07475d9dbba4f5d8a7a2417c10b447deb7a022 100644 (file)
@@ -532,7 +532,7 @@ pt_tls_server_t *pt_tls_server_create(identification_t *server, int fd,
                        .destroy = _destroy,
                },
                .state = PT_TLS_SERVER_VERSION,
-               .tls = tls_socket_create(TRUE, server, NULL, fd, NULL),
+               .tls = tls_socket_create(TRUE, server, NULL, fd, NULL, FALSE),
                .tnccs = (tls_t*)tnccs,
                .auth = auth,
        );
index 19232750b125d4bcd5b6940255a3cae8ac68140a..4b18fa60efb28bc62e541bc19f4149c7db453c43 100644 (file)
@@ -406,9 +406,11 @@ METHOD(tls_socket_t, destroy, void,
  * See header
  */
 tls_socket_t *tls_socket_create(bool is_server, identification_t *server,
-                                                       identification_t *peer, int fd, tls_cache_t *cache)
+                                                       identification_t *peer, int fd, tls_cache_t *cache,
+                                                       bool nullok)
 {
        private_tls_socket_t *this;
+       tls_purpose_t purpose;
 
        INIT(this,
                .public = {
@@ -430,7 +432,16 @@ tls_socket_t *tls_socket_create(bool is_server, identification_t *server,
                .fd = fd,
        );
 
-       this->tls = tls_create(is_server, server, peer, TLS_PURPOSE_GENERIC,
+       if (nullok)
+       {
+               purpose = TLS_PURPOSE_GENERIC_NULLOK;
+       }
+       else
+       {
+               purpose = TLS_PURPOSE_GENERIC;
+       }
+
+       this->tls = tls_create(is_server, server, peer, purpose,
                                                   &this->app.application, cache);
        if (!this->tls)
        {
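Review bot: The purpose selection in the new `if (nullok)` / `else` branches reads more directly as a conditional expression, `purpose = nullok ? TLS_PURPOSE_GENERIC_NULLOK : TLS_PURPOSE_GENERIC;`, which also allows `purpose` to be initialized where it is declared in the earlier hunk instead of being left uninitialized until this point. A short comment above the assignment, `/* NULL ciphers are offered only when the caller explicitly opts in */`, would make the security intent visible to readers of tls_socket_create without consulting the header. Whether a negotiated NULL cipher suite is logged is decided inside tls_create, which is not part of this diff; if it is not, a DBG1 here when nullok is TRUE would give operators a visible trace of unencrypted sessions. The body of tls_socket_create continues past the end of this hunk.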
index 75130a4d390615947dcbdfb1a8f3b10da7a6e6d2..54278dd01fac192b065ec7385b7c6afe6b711a4e 100644 (file)
@@ -104,9 +104,11 @@ struct tls_socket_t {
  * @param peer                         client identity, NULL for no client authentication
  * @param fd                           socket to read/write from
  * @param cache                                session cache to use, or NULL
+ * @param nullok                       accept NULL encryption ciphers
  * @return                                     TLS socket wrapper
  */
 tls_socket_t *tls_socket_create(bool is_server, identification_t *server,
-                                                       identification_t *peer, int fd, tls_cache_t *cache);
+                                                       identification_t *peer, int fd, tls_cache_t *cache,
+                                                       bool nullok);
 
 #endif /** TLS_SOCKET_H_ @}*/
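Review bot: The new `@param nullok` line documents the flag only as "accept NULL encryption ciphers", which does not tell a caller that such a suite sends application data in the clear (only authenticated, not encrypted). Suggest expanding it to `@param nullok   accept NULL encryption cipher suites (data is authenticated but not encrypted; enable only where confidentiality is provided by other means or not required)`. All three callers touched by this commit pass FALSE, so the prior behaviour is preserved, and stating that default in the comment would help future callers choose correctly.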