eap_example: Fix configuration by added DH parameters

The internal TLS implementation supports number of additional cipher
suites that require DH parameters to be set on the server. Such a cipher
suite is selected by default in the eap_example case which prevented the
TLS handshake from completing successfully. Fix this by adding DH
parameters to the server configuration.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/eap_example/dh.conf b/eap_example/dh.conf
new file mode 100644 (file)
index 0000000..7bc8325
--- /dev/null
+++ b/eap_example/dh.conf
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAP3V8IHq3H2DUlYywsvjYNuS17eCdt0mJo6/os6PHqdhgkMrPxF9u4Gr
+qKXq9e6GqmZYdjta30N3FkXaV924BJ0xOqb2TntiKg4u50/l6hSUneWt6UFBaizd
+XrqjNFIme/5RXMZ7RglXliBpCepAaFLMcKhOS4ulUyYYHSy+oqRjAgEC
+-----END DH PARAMETERS-----

diff --git a/eap_example/eap_example_server.c b/eap_example/eap_example_server.c
index 7097bcae389fb9e65542978639f52356dcb029c5..a081b873ad2174489a6e683bf481de048c7d7756 100644 (file)
--- a/eap_example/eap_example_server.c
+++ b/eap_example/eap_example_server.c
@@ -81,6 +81,7 @@ static int eap_example_server_init_tls(void)
        /* tparams.private_key = "server.key"; */
        tparams.private_key = "server-key.pem";
        /* tparams.private_key_passwd = "whatever"; */
+       tparams.dh_file = "dh.conf";
 
        if (tls_global_set_params(eap_ctx.tls_ctx, &tparams)) {
                printf("Failed to set TLS parameters\n");