From: Jouni Malinen
Date: Sat, 10 Jan 2015 23:35:54 +0000 (+0200)
Subject: TLS: Reject openssl_ciphers parameter in non-OpenSSL cases
X-Git-Tag: hostap_2_4~452
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=224104ddf60c838ea8281ab12b4a7f043ee16d23;p=thirdparty%2Fhostap.git
TLS: Reject openssl_ciphers parameter in non-OpenSSL cases
This TLS configuration parameter is explicitly for OpenSSL. Instead of ignoring it silently, reject any configuration trying to use it in builds that use other options for TLS implementation.
Signed-off-by: Jouni Malinen
---
diff --git a/src/crypto/tls_gnutls.c b/src/crypto/tls_gnutls.c
index 1eb4b66f2..f5a26e7e7 100644
--- a/src/crypto/tls_gnutls.c
+++ b/src/crypto/tls_gnutls.c
@@ -423,6 +423,11 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 return -1;
 }
+ if (params->openssl_ciphers) {
+ wpa_printf(MSG_INFO, "GnuTLS: openssl_ciphers not supported");
+ return -1;
+ }
+
 /* TODO: gnutls_certificate_set_verify_flags(xcred, flags);
 * to force peer validation(?) */
diff --git a/src/crypto/tls_internal.c b/src/crypto/tls_internal.c
index 233795176..6963309b7 100644
--- a/src/crypto/tls_internal.c
+++ b/src/crypto/tls_internal.c
@@ -205,6 +205,11 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 return -1;
 }
+ if (params->openssl_ciphers) {
+ wpa_printf(MSG_INFO, "GnuTLS: openssl_ciphers not supported");
+ return -1;
+ }
+
 if (tlsv1_set_ca_cert(cred, params->ca_cert, params->ca_cert_blob, params->ca_cert_blob_len, params->ca_path)) {
diff --git a/src/crypto/tls_schannel.c b/src/crypto/tls_schannel.c
index e1d0f597f..28cf71951 100644
--- a/src/crypto/tls_schannel.c
+++ b/src/crypto/tls_schannel.c
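Review bot: The new rejection in tls_gnutls.c covers only tls_connection_set_params(); if this backend's tls_global_set_params() takes the same params structure (not visible in this hunk), an openssl_ciphers value arriving through that path would presumably still be dropped silently. That leaves an operator believing a cipher restriction is enforced while the library negotiates with its defaults, which is the exact failure mode the commit message sets out to remove. Consider adding the same guard there, `if (params->openssl_ciphers) { wpa_printf(MSG_INFO, "GnuTLS: openssl_ciphers not supported"); return -1; }`, or confirming that path cannot carry the field. The function body begins and ends outside the hunk.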
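Review bot: The log string in the added tls_internal.c check reads "GnuTLS: openssl_ciphers not supported", which names the wrong TLS backend; the same copied string appears in the tls_schannel.c hunk. Anyone triaging a rejected configuration from the debug log would be pointed at a library that is not even compiled in. Use a backend-specific prefix instead, for example `wpa_printf(MSG_INFO, "TLS: openssl_ciphers not supported");` here and `wpa_printf(MSG_INFO, "SChannel: openssl_ciphers not supported");` in tls_schannel.c, adjusted to whatever prefix the neighbouring messages in each file already use. tls_connection_set_params() continues outside both hunks.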
@@ -707,6 +707,11 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 return -1;
 }
+ if (params->openssl_ciphers) {
+ wpa_printf(MSG_INFO, "GnuTLS: openssl_ciphers not supported");
+ return -1;
+ }
+
 if (global->my_cert_store == NULL && (global->my_cert_store = CertOpenSystemStore(0, TEXT("MY"))) == NULL) {