TLS client: Use TLS_CONN_* flags
authorJouni Malinen <j@w1.fi>
Sun, 29 Nov 2015 17:48:17 +0000 (19:48 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 29 Nov 2015 17:48:17 +0000 (19:48 +0200)
This makes it simpler to add support for new TLS_CONN_* flags without
having to add a new configuration function for each flag.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/crypto/tls_internal.c
src/tls/tlsv1_client.c
src/tls/tlsv1_client.h
src/tls/tlsv1_client_i.h
src/tls/tlsv1_client_read.c

index ff773fe78cae774742cd990f6ea46c482eb1cc4c..4cf5c45549441809c12fc9383c11739398df570c 100644 (file)
@@ -273,8 +273,7 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
                return -1;
        }
 
-       tlsv1_client_set_time_checks(
-               conn->client, !(params->flags & TLS_CONN_DISABLE_TIME_CHECKS));
+       tlsv1_client_set_flags(conn->client, params->flags);
 
        return 0;
 #else /* CONFIG_TLS_INTERNAL_CLIENT */
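Review bot: `tlsv1_client_set_flags(conn->client, params->flags);` forwards every TLS_CONN_* bit unfiltered, while the only bit the hunks on this page show the internal client acting on is TLS_CONN_DISABLE_TIME_CHECKS. Any other flag a caller sets is stored and the function still returns 0, so a request for behaviour this TLS implementation does not provide looks like it succeeded. A short comment above the call would make that explicit, e.g. `/* Only TLS_CONN_DISABLE_TIME_CHECKS is acted on by the internal client; other bits are stored but ignored */`, assuming no other consumer of conn->flags exists outside the lines shown. tls_connection_set_params() starts and ends outside the hunk.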
index 26f055c1e1d9b6ee08f3653ba65b786b2fb57ac6..846d293202cf7e8e5c41407df02a7cb1d3eb0398 100644 (file)
@@ -811,9 +811,14 @@ int tlsv1_client_set_cred(struct tlsv1_client *conn,
 }
 
 
-void tlsv1_client_set_time_checks(struct tlsv1_client *conn, int enabled)
+/**
+ * tlsv1_client_set_flags - Set connection flags
+ * @conn: TLSv1 client connection data from tlsv1_client_init()
+ * @flags: TLS_CONN_* bitfield
+ */
+void tlsv1_client_set_flags(struct tlsv1_client *conn, unsigned int flags)
 {
-       conn->disable_time_checks = !enabled;
+       conn->flags = flags;
 }
 
 
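Review bot: The new kernel-doc block for tlsv1_client_set_flags() does not say that the call replaces the whole flag set, since `conn->flags = flags;` is a plain assignment and not an OR. I would add a line such as ` * This replaces any previously set flags; passing 0 re-enables the certificate validity time checks.` so callers do not assume flags accumulate across calls. The comment should also mention that TLS_CONN_DISABLE_TIME_CHECKS weakens server certificate validation, because the last hunk on this page passes that bit straight into x509_certificate_chain_validate().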
index 95bd545feece244d2bb71eed9eeeaba79932376b..40fa6c7fbdeeb17f55c2bc369c904e3aadf7d4e2 100644 (file)
@@ -41,7 +41,7 @@ int tlsv1_client_get_keyblock_size(struct tlsv1_client *conn);
 int tlsv1_client_set_cipher_list(struct tlsv1_client *conn, u8 *ciphers);
 int tlsv1_client_set_cred(struct tlsv1_client *conn,
                          struct tlsv1_credentials *cred);
-void tlsv1_client_set_time_checks(struct tlsv1_client *conn, int enabled);
+void tlsv1_client_set_flags(struct tlsv1_client *conn, unsigned int flags);
 
 typedef int (*tlsv1_client_session_ticket_cb)
 (void *ctx, const u8 *ticket, size_t len, const u8 *client_random,
index 1c517a8f346444f6b92e66ccf627efc0f4cd8c90..6c4dbc71002f598cabaa2b9a3811dcf299b8bf2a 100644 (file)
@@ -29,11 +29,12 @@ struct tlsv1_client {
        u8 alert_level;
        u8 alert_description;
 
+       unsigned int flags; /* TLS_CONN_* bitfield */
+
        unsigned int certificate_requested:1;
        unsigned int session_resumed:1;
        unsigned int session_ticket_included:1;
        unsigned int use_session_ticket:1;
-       unsigned int disable_time_checks:1;
        unsigned int cert_in_cb:1;
 
        struct crypto_public_key *server_rsa_key;
index a2cd478e87729199ce4f56a86a724e3cc1049638..217c29be2c6562421526be55cd318f2de6f472e2 100644 (file)
@@ -463,9 +463,9 @@ static int tls_process_certificate(struct tlsv1_client *conn, u8 ct,
                x509_certificate_chain_free(chain);
                return -1;
        } else if (conn->cred && conn->cred->ca_cert_verify &&
-                  x509_certificate_chain_validate(conn->cred->trusted_certs,
-                                                  chain, &reason,
-                                                  conn->disable_time_checks)
+                  x509_certificate_chain_validate(
+                          conn->cred->trusted_certs, chain, &reason,
+                          !!(conn->flags & TLS_CONN_DISABLE_TIME_CHECKS))
                   < 0) {
                int tls_reason;
                wpa_printf(MSG_DEBUG, "TLSv1: Server certificate chain "
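Review bot: Nothing visible around the x509_certificate_chain_validate() call records that the chain was validated with validity-period checks switched off, and the bypass is now driven directly by a caller-supplied bit in conn->flags. A debug message emitted before the validation branch when the bit is set, e.g. `wpa_printf(MSG_DEBUG, "TLSv1: Certificate validity time checks disabled");`, would make acceptance of an expired or not-yet-valid server certificate traceable in logs. x509_certificate_chain_validate() may already log this itself, which cannot be confirmed from the lines shown. tls_process_certificate() starts and continues outside the hunk.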