Added strongswan.conf options for EAP-TLS/TTLS fragment size
authorMartin Willi <martin@revosec.ch>
Tue, 31 Aug 2010 14:10:55 +0000 (16:10 +0200)
committerMartin Willi <martin@revosec.ch>
Tue, 31 Aug 2010 14:17:01 +0000 (16:17 +0200)
src/libcharon/plugins/eap_tls/eap_tls.c
src/libcharon/plugins/eap_ttls/eap_ttls.c
src/libtls/tls_eap.c
src/libtls/tls_eap.h

index 3332788ebf7e4ab03389357aa137fbd5236bf7a7..991eb6346db0ed9673ddd2b194f00749f900e7de 100644 (file)
@@ -44,7 +44,9 @@ struct private_eap_tls_t {
 };
 
 /** Maximum number of EAP-TLS messages/fragments allowed */
-#define MAX_EAP_TLS_MESSAGE_COUNT 24
+#define MAX_MESSAGE_COUNT 24
+/** Default size of a EAP-TLS fragment */
+#define MAX_FRAGMENT_LEN 1024
 
 METHOD(eap_method_t, initiate, status_t,
        private_eap_tls_t *this, eap_payload_t **out)
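Review bot: `MAX_FRAGMENT_LEN` at the new define is commented as the *default* fragment size and, at the eap_tls_create hunk below, is only ever passed as the `get_int` fallback, so the MAX_ prefix promises a cap that nothing enforces. Either rename it `DEFAULT_FRAGMENT_LEN` (and make the comment `/** Default size of an EAP-TLS fragment */`), or keep the name and actually use it as an upper bound where the setting is read. The same define and comment are added to eap_ttls.c and should be treated the same way.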
@@ -66,10 +68,10 @@ METHOD(eap_method_t, process, status_t,
        status_t status;
        chunk_t data;
 
-       if (++this->processed > MAX_EAP_TLS_MESSAGE_COUNT)
+       if (++this->processed > MAX_MESSAGE_COUNT)
        {
                DBG1(DBG_IKE, "EAP-TLS packet count exceeded (%d > %d)",
-                        this->processed, MAX_EAP_TLS_MESSAGE_COUNT);
+                        this->processed, MAX_MESSAGE_COUNT);
                return FAILED;
        }
        data = in->get_data(in);
@@ -120,6 +122,7 @@ static eap_tls_t *eap_tls_create(identification_t *server,
                                                                 identification_t *peer, bool is_server)
 {
        private_eap_tls_t *this;
+       size_t frag_size;
 
        INIT(this,
                .public = {
@@ -134,7 +137,10 @@ static eap_tls_t *eap_tls_create(identification_t *server,
                },
        );
 
-       this->tls_eap = tls_eap_create(EAP_TLS, is_server, server, peer, NULL);
+       frag_size = lib->settings->get_int(lib->settings,
+                                       "charon.plugins.eap-tls.fragment_size", MAX_FRAGMENT_LEN);
+       this->tls_eap = tls_eap_create(EAP_TLS, is_server, server, peer,
+                                                                  NULL, frag_size);
        if (!this->tls_eap)
        {
                free(this);
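Review bot: `lib->settings->get_int()` returns a signed int and the new code stores it straight into the `size_t frag_size` with no range check, so `fragment_size = -1` or `0` in strongswan.conf becomes an enormous or zero-length buffer in libtls, where build_pkt now declares `char buf[this->frag_size]`. Read the setting into an `int` and fall back to the default when it is out of range, e.g. `int cfg = lib->settings->get_int(lib->settings, "charon.plugins.eap-tls.fragment_size", MAX_FRAGMENT_LEN);` followed by `frag_size = (cfg > 0 && cfg <= 65535) ? cfg : MAX_FRAGMENT_LEN;` — the EAP length field is 16 bits, so larger packets can never be sent anyway. The lower bound must also cover whatever header build_pkt writes at the front of the buffer; its body is not in this diff, so check it for the exact figure. eap_ttls_create reads its setting the same way and needs the same guard.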
index c5195699c844a64c828158e588128fd7cfe70545..d450c23d7b16d319fbe4ea942679a2176ec29b01 100644 (file)
@@ -46,7 +46,9 @@ struct private_eap_ttls_t {
 };
 
 /** Maximum number of EAP-TTLS messages/fragments allowed */
-#define MAX_EAP_TTLS_MESSAGE_COUNT 32
+#define MAX_MESSAGE_COUNT 32
+/** Default size of a EAP-TTLS fragment */
+#define MAX_FRAGMENT_LEN 1024
 
 METHOD(eap_method_t, initiate, status_t,
        private_eap_ttls_t *this, eap_payload_t **out)
@@ -68,10 +70,10 @@ METHOD(eap_method_t, process, status_t,
        status_t status;
        chunk_t data;
 
-       if (++this->processed > MAX_EAP_TTLS_MESSAGE_COUNT)
+       if (++this->processed > MAX_MESSAGE_COUNT)
        {
                DBG1(DBG_IKE, "EAP-TTLS packet count exceeded (%d > %d)",
-                        this->processed, MAX_EAP_TTLS_MESSAGE_COUNT);
+                        this->processed, MAX_MESSAGE_COUNT);
                return FAILED;
        }
        data = in->get_data(in);
@@ -123,6 +125,7 @@ static eap_ttls_t *eap_ttls_create(identification_t *server,
                                                                   tls_application_t *application)
 {
        private_eap_ttls_t *this;
+       size_t frag_size;
 
        INIT(this,
                .public = {
@@ -141,8 +144,10 @@ static eap_ttls_t *eap_ttls_create(identification_t *server,
        {
                peer = NULL;
        }
-       this->tls_eap = tls_eap_create(EAP_TTLS, is_server,
-                                                                  server, peer, application);
+       frag_size = lib->settings->get_int(lib->settings,
+                                       "charon.plugins.eap-ttls.fragment_size", MAX_FRAGMENT_LEN);
+       this->tls_eap = tls_eap_create(EAP_TTLS, is_server, server, peer,
+                                                                  application, frag_size);
        if (!this->tls_eap)
        {
                application->destroy(application);
index 027929806869fd0bd1a826847375acf18b3d46a3..1f90855eeff9d63500587d293f3459dd41820874 100644 (file)
@@ -22,8 +22,6 @@
 
 /** Size limit for a single TLS message */
 #define MAX_TLS_MESSAGE_LEN 65536
-/** Size of a EAP-TLS fragment */
-#define EAP_TLS_FRAGMENT_LEN 1014
 
 typedef struct private_tls_eap_t private_tls_eap_t;
 
@@ -56,6 +54,11 @@ struct private_tls_eap_t {
         * First fragment of a multi-fragment record?
         */
        bool first_fragment;
+
+       /**
+        * Maximum size of an outgoing EAP-TLS fragment
+        */
+       size_t frag_size;
 };
 
 /**
@@ -139,7 +142,7 @@ static status_t process_pkt(private_tls_eap_t *this, eap_tls_packet_t *pkt)
 static status_t build_pkt(private_tls_eap_t *this,
                                                  u_int8_t identifier, chunk_t *out)
 {
-       char buf[EAP_TLS_FRAGMENT_LEN];
+       char buf[this->frag_size];
        eap_tls_packet_t *pkt;
        size_t len, reclen;
        status_t status;
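Review bot: `char buf[this->frag_size];` turns a fixed 1014-byte stack array into a VLA whose length is taken unchecked from the configuration: a length of 0 is undefined behaviour, a negative setting converted to size_t exhausts the stack before the function body runs, and a value smaller than the EAP-TLS header overflows on the first write through `pkt` (build_pkt continues past the end of this hunk, so the exact header size and the writes into `buf` are not visible here). If `frag_size` is validated once in tls_eap_create a VLA is tolerable, but the invariant should then be stated on this line, e.g. `/* frag_size is range-checked in tls_eap_create(): never 0, never above MAX_TLS_MESSAGE_LEN */`; otherwise prefer a fixed bound or a heap buffer that is freed on every return path. Note also that nothing in the hunk ties `MAX_TLS_MESSAGE_LEN` to `frag_size`, so a configured value above it is silently accepted.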
@@ -293,7 +296,7 @@ METHOD(tls_eap_t, destroy, void,
  */
 tls_eap_t *tls_eap_create(eap_type_t type, bool is_server,
                                                  identification_t *server, identification_t *peer,
-                                                 tls_application_t *application)
+                                                 tls_application_t *application, size_t frag_size)
 {
        private_tls_eap_t *this;
        tls_purpose_t purpose;
@@ -320,6 +323,7 @@ tls_eap_t *tls_eap_create(eap_type_t type, bool is_server,
                .type = type,
                .is_server = is_server,
                .first_fragment = TRUE,
+               .frag_size = frag_size,
                .tls = tls_create(is_server, server, peer, purpose, application),
        );
        if (!this->tls)
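Review bot: tls_eap_create copies `frag_size` into the object without validating it, although it is the single point both the EAP-TLS and EAP-TTLS plugins go through and it can already report failure — both callers test for a NULL return. Add a guard before the INIT, e.g. `if (frag_size == 0 || frag_size > MAX_TLS_MESSAGE_LEN) { return NULL; }`, with a DBG1 line naming the rejected value so a bad strongswan.conf setting is diagnosable rather than a crash in build_pkt. The minimum should additionally cover the EAP-TLS header build_pkt places at the start of its buffer; that size is not visible in this diff. tls_eap_create's signature is in the preceding hunk and its body continues after this one.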
index 48b4dec6226f0aaa0da87aa30f5559939b82f7d4..8aa2dce19baa832d6a402eb7d25630cf16737c03 100644 (file)
@@ -75,9 +75,10 @@ struct tls_eap_t {
  * @param server                       server identity
  * @param peer                         peer identity, NULL to omit peer authentication
  * @param application          TLS application layer, if any
+ * @param frag_size                    maximum size of a TLS fragment we send
  */
 tls_eap_t *tls_eap_create(eap_type_t type, bool is_server,
                                                  identification_t *server, identification_t *peer,
-                                                 tls_application_t *application);
+                                                 tls_application_t *application, size_t frag_size);
 
 #endif /** TLS_EAP_H_ @}*/
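Review bot: The new `@param frag_size` text, "maximum size of a TLS fragment we send", does not say what the number counts, while the implementation uses it as the size of the whole outgoing EAP-TLS packet buffer (`char buf[this->frag_size]` in tls_eap.c), header included. The contract callers have to meet should be spelled out here, e.g. ` * @param frag_size		maximum size in bytes of one outgoing EAP-TLS packet, header included; must be non-zero`, and once tls_eap_create rejects bad values the @return text should mention that NULL is returned for an invalid size.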