src/crypto/tls_openssl.c

2362 	} params;
2363 	params.cert_id = cert_id;
2364 	params.cert = NULL;
2367 			     0, &params, NULL, 1)) {
2377 	if (!params.cert) {
2382 	*cert = params.cert;
2688 			   " trying to parse as DSA params", dh_file,
2707 				   "params into DH params");
2720 		wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': "
2763 			   " trying to parse as DSA params", dh_file,
2782 				   "params into DH params");
2795 		wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': "
3758 			      const struct tls_connection_params *params)
3764 	const char *key_id = params->key_id;
3765 	const char *cert_id = params->cert_id;
3766 	const char *ca_cert_id = params->ca_cert_id;
3767 	const char *engine_id = params->engine ? params->engine_id : NULL;
3780 	if (!key_id && params->private_key && can_pkcs11 &&
3781 	    os_strncmp(params->private_key, "pkcs11:", 7) == 0) {
3783 		key_id = params->private_key;
3786 	if (!cert_id && params->client_cert && can_pkcs11 &&
3787 	    os_strncmp(params->client_cert, "pkcs11:", 7) == 0) {
3789 		cert_id = params->client_cert;
3792 	if (!ca_cert_id && params->ca_cert && can_pkcs11 &&
3793 	    os_strncmp(params->ca_cert, "pkcs11:", 7) == 0) {
3795 		ca_cert_id = params->ca_cert;
3804 	if (params->flags & TLS_CONN_EAP_FAST) {
3823 		ret = tls_engine_init(conn, engine_id, params->pin,
3829 					     params->subject_match,
3830 					     params->altsubject_match,
3831 					     params->suffix_match,
3832 					     params->domain_match))
3838 	} else if (tls_connection_ca_cert(data, conn, params->ca_cert,
3839 					  params->ca_cert_blob,
3840 					  params->ca_cert_blob_len,
3841 					  params->ca_path))
3847 	} else if (tls_connection_client_cert(conn, params->client_cert,
3848 					      params->client_cert_blob,
3849 					      params->client_cert_blob_len))
3857 					      params->private_key,
3858 					      params->private_key_passwd,
3859 					      params->private_key_blob,
3860 					      params->private_key_blob_len)) {
3862 			   params->private_key);
3866 	if (tls_connection_dh(conn, params->dh_file)) {
3868 			   params->dh_file);
3872 	if (params->openssl_ciphers &&
3873 	    SSL_set_cipher_list(conn->ssl, params->openssl_ciphers) != 1) {
3876 			   params->openssl_ciphers);
3880 	tls_set_conn_flags(conn->ssl, params->flags);
3883 	if (params->flags & TLS_CONN_REQUEST_OCSP) {
3890 	if (params->flags & TLS_CONN_REQUIRE_OCSP) {
3895 	if (params->flags & TLS_CONN_REQUEST_OCSP) {
3901 	conn->flags = params->flags;
3910 			  const struct tls_connection_params *params)
3921 	if (tls_global_ca_cert(data, params->ca_cert) ||
3922 	    tls_global_client_cert(data, params->client_cert) ||
3923 	    tls_global_private_key(data, params->private_key,
3924 				   params->private_key_passwd) ||
3925 	    tls_global_dh(data, params->dh_file)) {
3930 	if (params->openssl_ciphers &&
3931 	    SSL_CTX_set_cipher_list(ssl_ctx, params->openssl_ciphers) != 1) {
3934 			   params->openssl_ciphers);
3939 	if (params->flags & TLS_CONN_DISABLE_SESSION_TICKET)
3951 	if (params->ocsp_stapling_response)
3953 			os_strdup(params->ocsp_stapling_response);