Added a TLS purpose for EAP-TTLS with client authentication

diff --git a/src/libtls/tls.h b/src/libtls/tls.h
index a426d7618a39ee3df49e01cb4fbd9df988a3527b..5c06686b744340263a385a71bccad2815cbd0aa9 100644 (file)
--- a/src/libtls/tls.h
+++ b/src/libtls/tls.h
@@ -96,6 +96,8 @@ enum tls_purpose_t {
        TLS_PURPOSE_EAP_TLS,
        /** outer authentication and protection in EAP-TTLS */
        TLS_PURPOSE_EAP_TTLS,
+       /** EAP-TTLS with client authentication */
+       TLS_PURPOSE_EAP_TTLS_CLIENT_AUTH,
 };
 
 /**

diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 26e4dfa41d06e90bd83a3172f1bd2bfa286bbe31..a12944af13b765ae45a9f8137d241edc5bde96ad 100644 (file)
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -926,6 +926,7 @@ tls_crypto_t *tls_crypto_create(tls_t *tls)
                        build_cipher_suite_list(this, FALSE);
                        break;
                case TLS_PURPOSE_EAP_TTLS:
+               case TLS_PURPOSE_EAP_TTLS_CLIENT_AUTH:
                        /* MSK PRF ASCII constant label according to EAP-TTLS RFC 5281 */
                        this->msk_label = "ttls keying material";
                        build_cipher_suite_list(this, TRUE);

diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c
index 4f988c603306229ece56dcc46b501d4e7a7af04c..77e26d6fac6b63a3f0a4c098c732a3df3e44c03e 100644 (file)
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -682,6 +682,7 @@ tls_server_t *tls_server_create(tls_t *tls,
        switch (tls->get_purpose(tls))
        {
                case TLS_PURPOSE_EAP_TLS:
+               case TLS_PURPOSE_EAP_TTLS_CLIENT_AUTH:
                        this->request_peer_auth = TRUE;
                        break;
                case TLS_PURPOSE_EAP_TTLS: