*/
char *private_key_passwd;
- /**
- * dh_file - File path to DH/DSA parameters file (in PEM format)
- *
- * This is an optional configuration file for setting parameters for an
- * ephemeral DH key exchange. In most cases, the default RSA
- * authentication does not use this configuration. However, it is
- * possible setup RSA to use ephemeral DH key exchange. In addition,
- * ciphers with DSA keys always use ephemeral DH keys. This can be used
- * to achieve forward secrecy. If the file is in DSA parameters format,
- * it will be automatically converted into DH params. Full path to the
- * file should be used since working directory may change when
- * wpa_supplicant is run in the background.
- *
- * Alternatively, a named configuration blob can be used by setting
- * this to blob://blob_name.
- */
- char *dh_file;
-
/**
* subject_match - Constraint for server certificate subject
*
params->client_cert = config->client_cert;
params->private_key = config->private_key;
params->private_key_passwd = config->private_key_passwd;
- params->dh_file = config->dh_file;
params->subject_match = config->subject_match;
params->altsubject_match = config->altsubject_match;
params->check_cert_subject = config->check_cert_subject;
¶ms->client_cert_blob_len) ||
eap_tls_check_blob(sm, ¶ms->private_key,
¶ms->private_key_blob,
- ¶ms->private_key_blob_len) ||
- eap_tls_check_blob(sm, ¶ms->dh_file, ¶ms->dh_blob,
- ¶ms->dh_blob_len)) {
+ ¶ms->private_key_blob_len)) {
wpa_printf(MSG_INFO, "SSL: Failed to get configuration blobs");
return -1;
}
{ STRe(client_cert, cert.client_cert) },
{ STRe(private_key, cert.private_key) },
{ STR_KEYe(private_key_passwd, cert.private_key_passwd) },
- { STRe(dh_file, cert.dh_file) },
{ STRe(subject_match, cert.subject_match) },
{ STRe(check_cert_subject, cert.check_cert_subject) },
{ STRe(altsubject_match, cert.altsubject_match) },
{ STRe(client_cert2, phase2_cert.client_cert) },
{ STRe(private_key2, phase2_cert.private_key) },
{ STR_KEYe(private_key2_passwd, phase2_cert.private_key_passwd) },
- { STRe(dh_file2, phase2_cert.dh_file) },
{ STRe(subject_match2, phase2_cert.subject_match) },
{ STRe(check_cert_subject2, phase2_cert.check_cert_subject) },
{ STRe(altsubject_match2, phase2_cert.altsubject_match) },
{ STRe(machine_private_key, machine_cert.private_key) },
{ STR_KEYe(machine_private_key_passwd,
machine_cert.private_key_passwd) },
- { STRe(machine_dh_file, machine_cert.dh_file) },
{ STRe(machine_subject_match, machine_cert.subject_match) },
{ STRe(machine_check_cert_subject, machine_cert.check_cert_subject) },
{ STRe(machine_altsubject_match, machine_cert.altsubject_match) },
os_free(cert->client_cert);
os_free(cert->private_key);
str_clear_free(cert->private_key_passwd);
- os_free(cert->dh_file);
os_free(cert->subject_match);
os_free(cert->check_cert_subject);
os_free(cert->altsubject_match);
}
+static const char *removed_fields[] = {
+ "dh_file",
+ "dh_file2",
+ "machine_dh_file",
+ NULL
+};
+
+static bool removed_field(const char *field)
+{
+ int i;
+
+ for (i = 0; removed_fields[i]; i++) {
+ if (os_strcmp(field, removed_fields[i]) == 0)
+ return true;
+ }
+
+ return false;
+}
+
+
/**
* wpa_config_set - Set a variable in network configuration
* @ssid: Pointer to network configuration data
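Review bot: `removed_fields` is declared `static const char *removed_fields[]`, which makes the strings const but leaves the pointer array itself writable. Because this table decides which unknown network fields are accepted rather than rejected, `static const char * const removed_fields[] = {` would let the compiler place it in read-only data. The table and `removed_field()` also carry no comment; something like `/* Network fields that were removed; still accepted and ignored so that existing configuration files keep loading */` above the array would tell the next maintainer why an unknown name is tolerated here. The loop index could be `size_t i` to match the usual convention for array indices.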
break;
}
if (i == NUM_SSID_FIELDS) {
+ if (removed_field(var)) {
+ wpa_printf(MSG_INFO,
+ "Line %d: Ignore removed configuration field '%s'",
+ line, var);
+ return ret;
+ }
if (line) {
wpa_printf(MSG_ERROR, "Line %d: unknown network field "
"'%s'.", line, var);
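Review bot: The added `wpa_printf(MSG_INFO, "Line %d: Ignore removed configuration field '%s'", line, var)` always prints the line prefix, whereas the existing unknown-field message just below it is guarded by `if (line)`. A call with `line == 0` (presumably one that does not come from parsing a file) would therefore log a misleading "Line 0: ..."; printing the prefix only when `line` is non-zero would keep the two messages consistent. `return ret;` also depends on `ret` still holding the value it was given before the hunk starts, so `return 0;` would state the intent directly. The early return skips whatever follows this block in `wpa_config_set`, which ends outside the hunk, so it is worth confirming that nothing after the `if (i == NUM_SSID_FIELDS)` block has to run on this path.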
STR(client_cert);
STR(private_key);
STR(private_key_passwd);
- STR(dh_file);
STR(subject_match);
STR(check_cert_subject);
STR(altsubject_match);
STR(client_cert2);
STR(private_key2);
STR(private_key2_passwd);
- STR(dh_file2);
STR(subject_match2);
STR(check_cert_subject2);
STR(altsubject_match2);
STR(machine_client_cert);
STR(machine_private_key);
STR(machine_private_key_passwd);
- STR(machine_dh_file);
STR(machine_subject_match);
STR(machine_check_cert_subject);
STR(machine_altsubject_match);
STR(client_cert);
STR(private_key);
STR(private_key_passwd);
- STR(dh_file);
STR(subject_match);
STR(check_cert_subject);
STR(altsubject_match);
STR(client_cert2);
STR(private_key2);
STR(private_key2_passwd);
- STR(dh_file2);
STR(subject_match2);
STR(check_cert_subject2);
STR(altsubject_match2);
#ifdef IEEE8021X_EAPOL
"eap", "identity", "anonymous_identity", "password", "ca_cert",
"ca_path", "client_cert", "private_key", "private_key_passwd",
- "dh_file", "subject_match", "altsubject_match",
+ "subject_match", "altsubject_match",
"check_cert_subject",
"domain_suffix_match", "domain_match", "ca_cert2", "ca_path2",
"client_cert2", "private_key2", "private_key2_passwd",
- "dh_file2", "subject_match2", "altsubject_match2",
+ "subject_match2", "altsubject_match2",
"check_cert_subject2",
"domain_suffix_match2", "domain_match2", "phase1", "phase2",
"pcsc", "pin", "engine_id", "key_id", "cert_id", "ca_cert_id",
# to blob://<blob name>.
# private_key_passwd: Password for private key file (if left out, this will be
# asked through control interface)
-# dh_file: File path to DH/DSA parameters file (in PEM format)
-# This is an optional configuration file for setting parameters for an
-# ephemeral DH key exchange. In most cases, the default RSA
-# authentication does not use this configuration. However, it is possible
-# setup RSA to use ephemeral DH key exchange. In addition, ciphers with
-# DSA keys always use ephemeral DH keys. This can be used to achieve
-# forward secrecy. If the file is in DSA parameters format, it will be
-# automatically converted into DH params.
# subject_match: Substring to be matched against the subject of the
# authentication server certificate. If this string is set, the server
# certificate is only accepted if it contains this string in the subject.