}
/* open TLS socket */
- this->tls = tls_socket_create(FALSE, server_id, client_id, this->fd, NULL);
+ this->tls = tls_socket_create(FALSE, server_id, client_id, this->fd,
+ NULL, FALSE);
if (!this->tls)
{
DBG1(DBG_TNC, "creating TLS socket failed");
return &this->public;
}
-
return FALSE;
}
- this->tls = tls_socket_create(FALSE, this->server, this->client, fd, NULL);
+ this->tls = tls_socket_create(FALSE, this->server, this->client, fd,
+ NULL, FALSE);
if (!this->tls)
{
close(fd);
.destroy = _destroy,
},
.state = PT_TLS_SERVER_VERSION,
- .tls = tls_socket_create(TRUE, server, NULL, fd, NULL),
+ .tls = tls_socket_create(TRUE, server, NULL, fd, NULL, FALSE),
.tnccs = (tls_t*)tnccs,
.auth = auth,
);
* See header
*/
tls_socket_t *tls_socket_create(bool is_server, identification_t *server,
- identification_t *peer, int fd, tls_cache_t *cache)
+ identification_t *peer, int fd, tls_cache_t *cache,
+ bool nullok)
{
private_tls_socket_t *this;
+ tls_purpose_t purpose;
INIT(this,
.public = {
.fd = fd,
);
- this->tls = tls_create(is_server, server, peer, TLS_PURPOSE_GENERIC,
+ if (nullok)
+ {
+ purpose = TLS_PURPOSE_GENERIC_NULLOK;
+ }
+ else
+ {
+ purpose = TLS_PURPOSE_GENERIC;
+ }
+
+ this->tls = tls_create(is_server, server, peer, purpose,
&this->app.application, cache);
if (!this->tls)
{
* @param peer client identity, NULL for no client authentication
* @param fd socket to read/write from
* @param cache session cache to use, or NULL
+ * @param nullok accept NULL encryption ciphers
* @return TLS socket wrapper
*/
tls_socket_t *tls_socket_create(bool is_server, identification_t *server,
- identification_t *peer, int fd, tls_cache_t *cache);
+ identification_t *peer, int fd, tls_cache_t *cache,
+ bool nullok);
#endif /** TLS_SOCKET_H_ @}*/