TLS_PURPOSE_EAP_TTLS,
/** EAP-TTLS with client authentication */
TLS_PURPOSE_EAP_TTLS_CLIENT_AUTH,
+ /** non-EAP TLS without client authentication */
+ TLS_PURPOSE_GENERIC,
+ /** non-EAP TLS with client authentication */
+ TLS_PURPOSE_GENERIC_CLIENT_AUTH,
};
/**
METHOD(tls_crypto_t, derive_eap_msk, void,
private_tls_crypto_t *this, chunk_t client_random, chunk_t server_random)
{
- chunk_t seed;
+ if (this->msk_label)
+ {
+ chunk_t seed;
- seed = chunk_cata("cc", client_random, server_random);
- free(this->msk.ptr);
- this->msk = chunk_alloc(64);
- this->prf->get_bytes(this->prf, this->msk_label, seed,
- this->msk.len, this->msk.ptr);
+ seed = chunk_cata("cc", client_random, server_random);
+ free(this->msk.ptr);
+ this->msk = chunk_alloc(64);
+ this->prf->get_bytes(this->prf, this->msk_label, seed,
+ this->msk.len, this->msk.ptr);
+ }
}
METHOD(tls_crypto_t, get_eap_msk, chunk_t,
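Review bot: The previous MSK is released with plain `free(this->msk.ptr)` inside the new `if (this->msk_label)` block, so old keying material goes back to the heap without being zeroed. If the project's wiping helper is available here (strongSwan's chunk API has `chunk_clear`), calling `chunk_clear(&this->msk);` before `chunk_alloc(64)` would avoid leaving a stale key in freed memory. With the new guard the generic purposes never derive an MSK, so `get_eap_msk`, whose body is outside the hunk, presumably returns an empty chunk for them. A comment on the guard such as `/* non-EAP TLS has no MSK label, nothing to derive */` would make that explicit for callers.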
this->msk_label = "ttls keying material";
build_cipher_suite_list(this, TRUE);
break;
+ case TLS_PURPOSE_GENERIC:
+ case TLS_PURPOSE_GENERIC_CLIENT_AUTH:
+ build_cipher_suite_list(this, TRUE);
+ break;
}
return &this->public;
}
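Review bot: The two generic cases leave `msk_label` unset and depend on it being NULL for the new guard in `derive_eap_msk`, but nothing in this hunk shows the field being initialised. If the part of the constructor outside the hunk does not zero-initialise the object, the guard reads an indeterminate pointer; either confirm that it does, or set `this->msk_label = NULL;` explicitly in these cases. It would also help to document what the `TRUE` argument of `build_cipher_suite_list` selects, since it decides which suites plain TLS will offer.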
{
case TLS_PURPOSE_EAP_TLS:
case TLS_PURPOSE_EAP_TTLS_CLIENT_AUTH:
+ case TLS_PURPOSE_GENERIC_CLIENT_AUTH:
this->request_peer_auth = TRUE;
break;
case TLS_PURPOSE_EAP_TTLS:
+ case TLS_PURPOSE_GENERIC:
break;
}
return &this->public;
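Review bot: `this->request_peer_auth = TRUE` for `TLS_PURPOSE_GENERIC_CLIENT_AUTH` only shows that a client certificate is requested; whether a handshake without one is rejected is decided outside this hunk. The enum documents this purpose as "with client authentication", so callers will likely treat it as mandatory. It is worth confirming that the server fails the handshake when the peer sends no certificate, and saying so in a comment, e.g. `/* peer must authenticate; handshake fails otherwise */`. The switch also has no default, so any purpose not listed keeps the initial `request_peer_auth` value, presumably FALSE, and is served unauthenticated.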