tls: Introduce a generic TLS purpose that accepts NULL encryption ciphers

author Martin Willi <martin@revosec.ch>

Tue, 25 Mar 2014 08:49:04 +0000 (09:49 +0100)

committer Martin Willi <martin@revosec.ch>

Tue, 1 Apr 2014 12:28:55 +0000 (14:28 +0200)
author Martin Willi <martin@revosec.ch>
Tue, 25 Mar 2014 08:49:04 +0000 (09:49 +0100)
committer Martin Willi <martin@revosec.ch>
Tue, 1 Apr 2014 12:28:55 +0000 (14:28 +0200)
diff --git a/scripts/tls_test.c b/scripts/tls_test.c

index 7ec477aaef3f81d65dce5a8dd68bc1ea42406025..3d47f6f7a0883f9c08bee266224f15c80fc14dc6 100644 (file)
--- a/scripts/tls_test.c
+++ b/scripts/tls_test.c
@@ -105,7 +105,7 @@ static int run_client(host_t *host, identification_t *server,
                         close(fd);
                         return 1;
                 }
-               tls = tls_socket_create(FALSE, server, client, fd, cache);
+               tls = tls_socket_create(FALSE, server, client, fd, cache, TRUE);
                 if (!tls)
                 {
                         close(fd);
@@ -162,7 +162,7 @@ static int serve(host_t *host, identification_t *server,
                 }
                 DBG1(DBG_TLS, "%#H connected", host);
  
-               tls = tls_socket_create(TRUE, server, NULL, cfd, cache);
+               tls = tls_socket_create(TRUE, server, NULL, cfd, cache, TRUE);
                 if (!tls)
                 {
                         close(fd);
diff --git a/src/libtls/tls.c b/src/libtls/tls.c

index 7314602b664f89e0738a02820a82d56ad36c5771..6e295581433b5b2e9d57908d6751b886152a6f9e 100644 (file)
--- a/src/libtls/tls.c
+++ b/src/libtls/tls.c
@@ -447,6 +447,7 @@ tls_t *tls_create(bool is_server, identification_t *server,
                 case TLS_PURPOSE_EAP_TTLS:
                 case TLS_PURPOSE_EAP_PEAP:
                 case TLS_PURPOSE_GENERIC:
+               case TLS_PURPOSE_GENERIC_NULLOK:
                         break;
                 default:
                         return NULL;
diff --git a/src/libtls/tls.h b/src/libtls/tls.h

index db332fbbf5656dcd3b3db6ad6267d3794e2c6f08..fc1d9b9fd0515088f28cb46ea87a5c9ebb8dff66 100644 (file)
--- a/src/libtls/tls.h
+++ b/src/libtls/tls.h
@@ -107,6 +107,8 @@ enum tls_purpose_t {
         TLS_PURPOSE_EAP_PEAP,
         /** non-EAP TLS */
         TLS_PURPOSE_GENERIC,
+       /** non-EAP TLS accepting NULL encryption */
+       TLS_PURPOSE_GENERIC_NULLOK,
         /** EAP binding for TNC */
         TLS_PURPOSE_EAP_TNC
  };
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c

index 6addad8febf3f6dfeaa50146ea67459fe0b803a0..4f67b20d6b244152603192011dfcb6ae67146a5a 100644 (file)
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -1846,6 +1846,9 @@ tls_crypto_t *tls_crypto_create(tls_t *tls, tls_cache_t *cache)
                 case TLS_PURPOSE_GENERIC:
                         build_cipher_suite_list(this, TRUE);
                         break;
+               case TLS_PURPOSE_GENERIC_NULLOK:
+                       build_cipher_suite_list(this, FALSE);
+                       break;
                 default:
                         break;
         }
author	Martin Willi <martin@revosec.ch>
	Tue, 25 Mar 2014 08:49:04 +0000 (09:49 +0100)
committer	Martin Willi <martin@revosec.ch>
	Tue, 1 Apr 2014 12:28:55 +0000 (14:28 +0200)
scripts/tls_test.c		patch \| blob \| blame \| history
src/libtls/tls.c		patch \| blob \| blame \| history
src/libtls/tls.h		patch \| blob \| blame \| history
src/libtls/tls_crypto.c		patch \| blob \| blame \| history