From: Martin Willi
Date: Tue, 25 Mar 2014 09:19:41 +0000 (+0100)
Subject: tls: Support a null encryption flag on TLS socket abstraction
X-Git-Tag: 5.1.3rc1~4^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5313880261fe271ac5b334ccacf92d6253efaf3d;p=thirdparty%2Fstrongswan.git
tls: Support a null encryption flag on TLS socket abstraction
---
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
index 5206ba4e75..af1b28adfc 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
@@ -876,7 +876,8 @@ static bool soap_init(private_tnc_ifmap_soap_t *this)
 }
 /* open TLS socket */
- this->tls = tls_socket_create(FALSE, server_id, client_id, this->fd, NULL);
+ this->tls = tls_socket_create(FALSE, server_id, client_id, this->fd,
+ NULL, FALSE);
 if (!this->tls)
 {
 DBG1(DBG_TNC, "creating TLS socket failed");
@@ -923,4 +924,3 @@ tnc_ifmap_soap_t *tnc_ifmap_soap_create()
 return &this->public;
 }
-
diff --git a/src/libpttls/pt_tls_client.c b/src/libpttls/pt_tls_client.c
index 01a84cd149..98a2f4b473 100644
--- a/src/libpttls/pt_tls_client.c
+++ b/src/libpttls/pt_tls_client.c
@@ -84,7 +84,8 @@ static bool make_connection(private_pt_tls_client_t *this)
 return FALSE;
 }
- this->tls = tls_socket_create(FALSE, this->server, this->client, fd, NULL);
+ this->tls = tls_socket_create(FALSE, this->server, this->client, fd,
+ NULL, FALSE);
 if (!this->tls)
 {
 close(fd);
diff --git a/src/libpttls/pt_tls_server.c b/src/libpttls/pt_tls_server.c
index 9af00e7c26..3c07475d9d 100644
--- a/src/libpttls/pt_tls_server.c
+++ b/src/libpttls/pt_tls_server.c
@@ -532,7 +532,7 @@ pt_tls_server_t *pt_tls_server_create(identification_t *server, int fd,
 .destroy = _destroy,
 },
 .state = PT_TLS_SERVER_VERSION,
- .tls = tls_socket_create(TRUE, server, NULL, fd, NULL),
+ .tls = tls_socket_create(TRUE, server, NULL, fd, NULL, FALSE),
 .tnccs = (tls_t*)tnccs,
 .auth = auth,
 );
diff --git a/src/libtls/tls_socket.c b/src/libtls/tls_socket.c
index 19232750b1..4b18fa60ef 100644
--- a/src/libtls/tls_socket.c
+++ b/src/libtls/tls_socket.c
@@ -406,9 +406,11 @@ METHOD(tls_socket_t, destroy, void,
 * See header
 */
 tls_socket_t *tls_socket_create(bool is_server, identification_t *server,
- identification_t *peer, int fd, tls_cache_t *cache)
+ identification_t *peer, int fd, tls_cache_t *cache,
+ bool nullok)
 {
 private_tls_socket_t *this;
+ tls_purpose_t purpose;
 INIT(this,
 .public = {
@@ -430,7 +432,16 @@ tls_socket_t *tls_socket_create(bool is_server, identification_t *server,
 .fd = fd,
 );
- this->tls = tls_create(is_server, server, peer, TLS_PURPOSE_GENERIC,
+ if (nullok)
+ {
+ purpose = TLS_PURPOSE_GENERIC_NULLOK;
+ }
+ else
+ {
+ purpose = TLS_PURPOSE_GENERIC;
+ }
+
+ this->tls = tls_create(is_server, server, peer, purpose,
 &this->app.application, cache);
 if (!this->tls)
 {
diff --git a/src/libtls/tls_socket.h b/src/libtls/tls_socket.h
index 75130a4d39..54278dd01f 100644
--- a/src/libtls/tls_socket.h
+++ b/src/libtls/tls_socket.h
@@ -104,9 +104,11 @@ struct tls_socket_t {
 * @param peer client identity, NULL for no client authentication
 * @param fd socket to read/write from
 * @param cache session cache to use, or NULL
+ * @param nullok accept NULL encryption ciphers
 * @return TLS socket wrapper
 */
 tls_socket_t *tls_socket_create(bool is_server, identification_t *server,
- identification_t *peer, int fd, tls_cache_t *cache);
+ identification_t *peer, int fd, tls_cache_t *cache,
+ bool nullok);
 #endif /** TLS_SOCKET_H_ @}*/
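Review bot: In the new `tls_socket_create()` signature in src/libtls/tls_socket.c, `nullok` is a second plain `bool` next to `is_server`, so a swapped or misplaced argument compiles cleanly and a stray `TRUE` in the last position would permit unencrypted suites without any diagnostic. The updated callers in this commit (`soap_init`, `make_connection`, `pt_tls_server_create`) all end in a bare `NULL, FALSE`, which does not tell a reader what is being refused. Labelling the literal at each call, e.g. `NULL, FALSE /* nullok */);`, would make the confidentiality decision visible at the call site. The function body continues outside this hunk.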
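Review bot: When `nullok` is set, the added branch in `tls_socket_create()` selects `TLS_PURPOSE_GENERIC_NULLOK` silently, so nothing records which sockets were created with encryption optional. A debug line inside that branch, e.g. `DBG2(DBG_TLS, "TLS socket accepts NULL encryption cipher suites");` (assuming the debug macros are available in this file), would let an operator audit the setting. As a smaller style point, the eight-line if/else could be written as `purpose = nullok ? TLS_PURPOSE_GENERIC_NULLOK : TLS_PURPOSE_GENERIC;`. The function starts and ends outside this hunk.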
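Review bot: The new `@param nullok` line in src/libtls/tls_socket.h names the flag but not its consequence for callers. If a NULL encryption suite is negotiated, application data crosses the wire unencrypted, which a reader skimming the prototype may not infer from "accept NULL encryption ciphers". I would extend the line to something like `@param nullok accept NULL encryption ciphers; data may then be sent without confidentiality, pass TRUE only where that is acceptable`.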