#
# sim_num: Identifier for which SIM to use in multi-SIM devices
#
+# engine: Whether to use an engine for private key operations (0/1)
+# engine_id: String identifying the engine to use
+# ca_cert_id: The CA certificate identifier when using an engine
+# cert_id: The certificate identifier when using an engine
+# key_id: The private key identifier when using an engine
+#
# for example:
#
#cred={
os_free(cred->client_cert);
os_free(cred->private_key);
str_clear_free(cred->private_key_passwd);
+ os_free(cred->engine_id);
+ os_free(cred->ca_cert_id);
+ os_free(cred->cert_id);
+ os_free(cred->key_id);
os_free(cred->imsi);
str_clear_free(cred->milenage);
for (i = 0; i < cred->num_domain; i++)
return 0;
}
+ if (os_strcmp(var, "engine") == 0) {
+ cred->engine = atoi(value);
+ return 0;
+ }
+
val = wpa_config_parse_string(value, &len);
if (val == NULL ||
(os_strcmp(var, "excluded_ssid") != 0 &&
return 0;
}
+ if (os_strcmp(var, "engine_id") == 0) {
+ os_free(cred->engine_id);
+ cred->engine_id = val;
+ return 0;
+ }
+
+ if (os_strcmp(var, "ca_cert_id") == 0) {
+ os_free(cred->ca_cert_id);
+ cred->ca_cert_id = val;
+ return 0;
+ }
+
+ if (os_strcmp(var, "cert_id") == 0) {
+ os_free(cred->cert_id);
+ cred->cert_id = val;
+ return 0;
+ }
+
+ if (os_strcmp(var, "key_id") == 0) {
+ os_free(cred->key_id);
+ cred->key_id = val;
+ return 0;
+ }
+
if (os_strcmp(var, "imsi") == 0) {
os_free(cred->imsi);
cred->imsi = val;
*/
char *milenage;
+ /**
+ * engine - Use an engine for private key operations
+ */
+ int engine;
+
+ /**
+ * engine_id - String identifying the engine to use
+ */
+ char *engine_id;
+
+ /**
+ * ca_cert_id - The CA certificate identifier when using an engine
+ */
+ char *ca_cert_id;
+
+ /**
+ * cert_id - The certificate identifier when using an engine
+ */
+ char *cert_id;
+
+ /**
+ * key_id - The private key identifier when using an engine
+ */
+ char *key_id;
+
/**
* domain_suffix_match - Constraint for server domain name
*
if (cred->sim_num != DEFAULT_USER_SELECTED_SIM)
fprintf(f, "\tsim_num=%d\n", cred->sim_num);
+
+ if (cred->engine)
+ fprintf(f, "\tengine=%d\n", cred->engine);
+ if (cred->engine_id)
+ fprintf(f, "\tengine_id=\"%s\"\n", cred->engine_id);
+ if (cred->key_id)
+ fprintf(f, "\tkey_id=\"%s\"\n", cred->key_id);
+ if (cred->cert_id)
+ fprintf(f, "\tcert_id=\"%s\"\n", cred->cert_id);
+ if (cred->ca_cert_id)
+ fprintf(f, "\tca_cert_id=\"%s\"\n", cred->ca_cert_id);
}
((cred->password == NULL ||
cred->password[0] == '\0') &&
(cred->private_key == NULL ||
- cred->private_key[0] == '\0'))) {
+ cred->private_key[0] == '\0') &&
+ (!cred->key_id || cred->key_id[0] == '\0'))) {
wpa_msg(wpa_s, MSG_DEBUG,
- "nai-realm-find-eap: incomplete cred info: username: %s password: %s private_key: %s",
+ "nai-realm-find-eap: incomplete cred info: username: %s password: %s private_key: %s key_id: %s",
cred->username ? cred->username : "NULL",
cred->password ? cred->password : "NULL",
- cred->private_key ? cred->private_key : "NULL");
+ cred->private_key ? cred->private_key : "NULL",
+ cred->key_id ? cred->key_id : "NULL");
return NULL;
}
if (cred->password && cred->password[0] &&
nai_realm_cred_username(wpa_s, eap))
return eap;
- if (cred->private_key && cred->private_key[0] &&
+ if (((cred->private_key && cred->private_key[0]) ||
+ (cred->key_id && cred->key_id[0])) &&
nai_realm_cred_cert(wpa_s, eap))
return eap;
}
cred->private_key_passwd) < 0)
return -1;
+ if (cred->ca_cert_id && cred->ca_cert_id[0] &&
+ wpa_config_set_quoted(ssid, "ca_cert_id", cred->ca_cert_id) < 0)
+ return -1;
+
+ if (cred->cert_id && cred->cert_id[0] &&
+ wpa_config_set_quoted(ssid, "cert_id", cred->cert_id) < 0)
+ return -1;
+
+ if (cred->key_id && cred->key_id[0] &&
+ wpa_config_set_quoted(ssid, "key_id", cred->key_id) < 0)
+ return -1;
+
+ if (cred->engine_id && cred->engine_id[0] &&
+ wpa_config_set_quoted(ssid, "engine_id", cred->engine_id) < 0)
+ return -1;
+
+ ssid->eap.cert.engine = cred->engine;
+
if (cred->phase1) {
os_free(ssid->eap.phase1);
ssid->eap.phase1 = os_strdup(cred->phase1);
"min_dl_bandwidth_roaming", "min_ul_bandwidth_roaming", "max_bss_load",
"req_conn_capab", "ocsp", "sim_num", "realm", "username", "password",
"ca_cert", "client_cert", "private_key", "private_key_passwd", "imsi",
+ "ca_cert_id", "cert_id", "key_id", "engine_id", "engine",
"milenage", "domain_suffix_match", "domain", "phase1", "phase2",
"roaming_consortium", "required_roaming_consortium", "excluded_ssid",
"roaming_partner", "provisioning_sp"
projects / thirdparty / hostap.git / commitdiff
