TLS: Add new arguments to tls_connection_set_verify()
authorJouni Malinen <j@w1.fi>
Sun, 23 Aug 2015 18:11:01 +0000 (21:11 +0300)
committerJouni Malinen <j@w1.fi>
Sun, 23 Aug 2015 23:29:29 +0000 (02:29 +0300)
The new flags and session_ctx arguments will be used in followup
commits.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/crypto/tls.h
src/crypto/tls_gnutls.c
src/crypto/tls_internal.c
src/crypto/tls_none.c
src/crypto/tls_openssl.c
src/eap_server/eap_server_tls_common.c

index 5f1fcf2fb71c2b54f2d4986144fbede12e7ca55b..31c4e367cab2e01cf8439ebe141375718bc516e8 100644 (file)
@@ -305,11 +305,17 @@ int __must_check tls_global_set_verify(void *tls_ctx, int check_crl);
  * @tls_ctx: TLS context data from tls_init()
  * @conn: Connection context data from tls_connection_init()
  * @verify_peer: 1 = verify peer certificate
+ * @flags: Connection flags (TLS_CONN_*)
+ * @session_ctx: Session caching context or %NULL to use default
+ * @session_ctx_len: Length of @session_ctx in bytes.
  * Returns: 0 on success, -1 on failure
  */
 int __must_check tls_connection_set_verify(void *tls_ctx,
                                           struct tls_connection *conn,
-                                          int verify_peer);
+                                          int verify_peer,
+                                          unsigned int flags,
+                                          const u8 *session_ctx,
+                                          size_t session_ctx_len);
 
 /**
  * tls_connection_get_random - Get random data from TLS connection
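Review bot: The new `@session_ctx` and `@session_ctx_len` lines do not state the contract for the %NULL case, so a caller cannot tell whether `session_ctx_len` must be 0 when `session_ctx` is %NULL, or what "default" means for session caching. This value presumably decides which cached sessions a connection may resume, so I would spell it out, for example `@session_ctx_len: Length of @session_ctx in bytes (0 if @session_ctx is %NULL)`. A sentence on whether the buffer is copied or must outlive the connection would also help. `@flags` could likewise say that 0 means no flags and which TLS_CONN_* values this function honours.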
index b53ec4823a951894295c7e3de7898c33113a544b..3c39e542469ee10f8e32bd8624665120a5a8e3e0 100644 (file)
@@ -708,7 +708,8 @@ int tls_global_set_verify(void *ssl_ctx, int check_crl)
 
 
 int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
-                             int verify_peer)
+                             int verify_peer, unsigned int flags,
+                             const u8 *session_ctx, size_t session_ctx_len)
 {
        if (conn == NULL || conn->session == NULL)
                return -1;
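Review bot: `flags`, `session_ctx` and `session_ctx_len` are accepted here, but nothing in the lines visible in this hunk reads them, and the same holds for the tls_internal.c and tls_openssl.c hunks. The function bodies continue outside the hunks, so this is inferred rather than certain. A backend that ignores these arguments would still return 0 to a caller that passed a session caching context, which matters once callers rely on that context to keep cached sessions apart. Until the follow-up commits land, a short comment at the top of each body, such as `/* TODO: flags and session_ctx are not yet applied by this backend */`, would make the gap explicit.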
index df44f0a30115ddb03d078ba0d34238819a6ff614..79f14a3a2cd199606bc77fa087afcd47aaf7d74d 100644 (file)
@@ -328,7 +328,8 @@ int tls_global_set_verify(void *tls_ctx, int check_crl)
 
 
 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
-                             int verify_peer)
+                             int verify_peer, unsigned int flags,
+                             const u8 *session_ctx, size_t session_ctx_len)
 {
 #ifdef CONFIG_TLS_INTERNAL_SERVER
        if (conn->server)
index 3474302981a17e82e687ac8914f61423233d476e..1f8c9b4c46959870fdc427fcbe8ce793d76971f8 100644 (file)
@@ -72,7 +72,8 @@ int tls_global_set_verify(void *tls_ctx, int check_crl)
 
 
 int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn,
-                             int verify_peer)
+                             int verify_peer, unsigned int flags,
+                             const u8 *session_ctx, size_t session_ctx_len)
 {
        return -1;
 }
index 8b84171267219fb5a92ce2d491d9dceb47b903a2..10201d613e552a093679dbb4e57aecb8ffdd2360 100644 (file)
@@ -1944,7 +1944,8 @@ static int tls_connection_set_subject_match(struct tls_connection *conn,
 
 
 int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn,
-                             int verify_peer)
+                             int verify_peer, unsigned int flags,
+                             const u8 *session_ctx, size_t session_ctx_len)
 {
        static int counter = 0;
 
index 3fc7cdc4215e33b7655412f207583ccd4466272e..ce3bda336637b619ab6b805e947a3c004aa775f7 100644 (file)
@@ -46,6 +46,8 @@ static void eap_server_tls_log_cb(void *ctx, const char *msg)
 int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
                            int verify_peer)
 {
+       unsigned int flags = 0;
+
        if (sm->ssl_ctx == NULL) {
                wpa_printf(MSG_ERROR, "TLS context not initialized - cannot use TLS-based EAP method");
                return -1;
@@ -68,7 +70,8 @@ int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
 #endif /* CONFIG_TESTING_OPTIONS */
 #endif /* CONFIG_TLS_INTERNAL */
 
-       if (tls_connection_set_verify(sm->ssl_ctx, data->conn, verify_peer)) {
+       if (tls_connection_set_verify(sm->ssl_ctx, data->conn, verify_peer,
+                                     flags, NULL, 0)) {
                wpa_printf(MSG_INFO, "SSL: Failed to configure verification "
                           "of TLS peer certificate");
                tls_connection_deinit(sm->ssl_ctx, data->conn);