58 static void eap_tls_params_flags(struct tls_connection_params *params,
64 		params->flags |= TLS_CONN_ALLOW_SIGN_RSA_MD5;
66 		params->flags |= TLS_CONN_DISABLE_TIME_CHECKS;
68 		params->flags |= TLS_CONN_DISABLE_SESSION_TICKET;
70 		params->flags &= ~TLS_CONN_DISABLE_SESSION_TICKET;
72 		params->flags |= TLS_CONN_DISABLE_TLSv1_0;
74 		params->flags &= ~TLS_CONN_DISABLE_TLSv1_0;
75 		params->flags |= TLS_CONN_ENABLE_TLSv1_0;
78 		params->flags |= TLS_CONN_DISABLE_TLSv1_1;
80 		params->flags &= ~TLS_CONN_DISABLE_TLSv1_1;
81 		params->flags |= TLS_CONN_ENABLE_TLSv1_1;
84 		params->flags |= TLS_CONN_DISABLE_TLSv1_2;
86 		params->flags &= ~TLS_CONN_DISABLE_TLSv1_2;
87 		params->flags |= TLS_CONN_ENABLE_TLSv1_2;
90 		params->flags |= TLS_CONN_DISABLE_TLSv1_3;
92 		params->flags &= ~TLS_CONN_DISABLE_TLSv1_3;
94 		params->flags |= TLS_CONN_EXT_CERT_CHECK;
96 		params->flags &= ~TLS_CONN_EXT_CERT_CHECK;
98 		params->flags |= TLS_CONN_SUITEB;
100 		params->flags &= ~TLS_CONN_SUITEB;
102 		params->flags |= TLS_CONN_SUITEB_NO_ECDH;
104 		params->flags &= ~TLS_CONN_SUITEB_NO_ECDH;
108 static void eap_tls_params_from_conf1(struct tls_connection_params *params,
111 	params->ca_cert = config->ca_cert;
112 	params->ca_path = config->ca_path;
113 	params->client_cert = config->client_cert;
114 	params->private_key = config->private_key;
115 	params->private_key_passwd = config->private_key_passwd;
116 	params->dh_file = config->dh_file;
117 	params->subject_match = config->subject_match;
118 	params->altsubject_match = config->altsubject_match;
119 	params->check_cert_subject = config->check_cert_subject;
120 	params->suffix_match = config->domain_suffix_match;
121 	params->domain_match = config->domain_match;
122 	params->engine = config->engine;
123 	params->engine_id = config->engine_id;
124 	params->pin = config->pin;
125 	params->key_id = config->key_id;
126 	params->cert_id = config->cert_id;
127 	params->ca_cert_id = config->ca_cert_id;
128 	eap_tls_params_flags(params, config->phase1);
132 static void eap_tls_params_from_conf2(struct tls_connection_params *params,
135 	params->ca_cert = config->ca_cert2;
136 	params->ca_path = config->ca_path2;
137 	params->client_cert = config->client_cert2;
138 	params->private_key = config->private_key2;
139 	params->private_key_passwd = config->private_key2_passwd;
140 	params->dh_file = config->dh_file2;
141 	params->subject_match = config->subject_match2;
142 	params->altsubject_match = config->altsubject_match2;
143 	params->check_cert_subject = config->check_cert_subject2;
144 	params->suffix_match = config->domain_suffix_match2;
145 	params->domain_match = config->domain_match2;
146 	params->engine = config->engine2;
147 	params->engine_id = config->engine2_id;
148 	params->pin = config->pin2;
149 	params->key_id = config->key2_id;
150 	params->cert_id = config->cert2_id;
151 	params->ca_cert_id = config->ca_cert2_id;
152 	eap_tls_params_flags(params, config->phase2);
158 				    struct tls_connection_params *params,
161 	os_memset(params, 0, sizeof(*params));
173 		params->flags |= TLS_CONN_DISABLE_SESSION_TICKET;
177 		params->flags |= TLS_CONN_DISABLE_TLSv1_0 |
180 			params->flags |= TLS_CONN_TEAP_ANON_DH;
188 		params->flags |= TLS_CONN_DISABLE_TLSv1_3;
200 		params->flags |= TLS_CONN_DISABLE_TLSv1_3;
204 		eap_tls_params_from_conf2(params, config);
207 		eap_tls_params_from_conf1(params, config);
209 			params->flags |= TLS_CONN_EAP_FAST;
216 	if (eap_tls_check_blob(sm, &params->ca_cert, &params->ca_cert_blob,
217 			       &params->ca_cert_blob_len) ||
218 	    eap_tls_check_blob(sm, &params->client_cert,
219 			       &params->client_cert_blob,
220 			       &params->client_cert_blob_len) ||
221 	    eap_tls_check_blob(sm, &params->private_key,
222 			       &params->private_key_blob,
223 			       &params->private_key_blob_len) ||
224 	    eap_tls_check_blob(sm, &params->dh_file, &params->dh_blob,
225 			       &params->dh_blob_len)) {
230 	params->openssl_ciphers = config->openssl_ciphers;
232 	sm->ext_cert_check = !!(params->flags & TLS_CONN_EXT_CERT_CHECK);
235 		data->client_cert_conf = params->client_cert ||
236 			params->client_cert_blob ||
237 			params->private_key ||
238 			params->private_key_blob;
247 				   struct tls_connection_params *params)
252 		params->flags |= TLS_CONN_REQUEST_OCSP;
254 		params->flags |= TLS_CONN_REQUIRE_OCSP;
256 		params->flags |= TLS_CONN_REQUIRE_OCSP_ALL;
264 	res = tls_connection_set_params(data->ssl_ctx, data->conn, params);
309 	struct tls_connection_params params;
319 	if (eap_tls_params_from_conf(sm, data, &params, config, data->phase2) <
323 	if (eap_tls_init_connection(sm, data, config, &params) < 0)

Indexes created Sat Jun 08 03:50:41 MDT 2024