TLS client: Use TLS_CONN_* flags
This makes it simpler to add support for new TLS_CONN_* flags without having to add a new configuration function for each flag. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
20804fe844
commit
0cbc22b2eb
5 changed files with 14 additions and 9 deletions
|
@ -273,8 +273,7 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsv1_client_set_time_checks(
|
tlsv1_client_set_flags(conn->client, params->flags);
|
||||||
conn->client, !(params->flags & TLS_CONN_DISABLE_TIME_CHECKS));
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
#else /* CONFIG_TLS_INTERNAL_CLIENT */
|
#else /* CONFIG_TLS_INTERNAL_CLIENT */
|
||||||
|
|
|
@ -811,9 +811,14 @@ int tlsv1_client_set_cred(struct tlsv1_client *conn,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void tlsv1_client_set_time_checks(struct tlsv1_client *conn, int enabled)
|
/**
|
||||||
|
* tlsv1_client_set_flags - Set connection flags
|
||||||
|
* @conn: TLSv1 client connection data from tlsv1_client_init()
|
||||||
|
* @flags: TLS_CONN_* bitfield
|
||||||
|
*/
|
||||||
|
void tlsv1_client_set_flags(struct tlsv1_client *conn, unsigned int flags)
|
||||||
{
|
{
|
||||||
conn->disable_time_checks = !enabled;
|
conn->flags = flags;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -41,7 +41,7 @@ int tlsv1_client_get_keyblock_size(struct tlsv1_client *conn);
|
||||||
int tlsv1_client_set_cipher_list(struct tlsv1_client *conn, u8 *ciphers);
|
int tlsv1_client_set_cipher_list(struct tlsv1_client *conn, u8 *ciphers);
|
||||||
int tlsv1_client_set_cred(struct tlsv1_client *conn,
|
int tlsv1_client_set_cred(struct tlsv1_client *conn,
|
||||||
struct tlsv1_credentials *cred);
|
struct tlsv1_credentials *cred);
|
||||||
void tlsv1_client_set_time_checks(struct tlsv1_client *conn, int enabled);
|
void tlsv1_client_set_flags(struct tlsv1_client *conn, unsigned int flags);
|
||||||
|
|
||||||
typedef int (*tlsv1_client_session_ticket_cb)
|
typedef int (*tlsv1_client_session_ticket_cb)
|
||||||
(void *ctx, const u8 *ticket, size_t len, const u8 *client_random,
|
(void *ctx, const u8 *ticket, size_t len, const u8 *client_random,
|
||||||
|
|
|
@ -29,11 +29,12 @@ struct tlsv1_client {
|
||||||
u8 alert_level;
|
u8 alert_level;
|
||||||
u8 alert_description;
|
u8 alert_description;
|
||||||
|
|
||||||
|
unsigned int flags; /* TLS_CONN_* bitfield */
|
||||||
|
|
||||||
unsigned int certificate_requested:1;
|
unsigned int certificate_requested:1;
|
||||||
unsigned int session_resumed:1;
|
unsigned int session_resumed:1;
|
||||||
unsigned int session_ticket_included:1;
|
unsigned int session_ticket_included:1;
|
||||||
unsigned int use_session_ticket:1;
|
unsigned int use_session_ticket:1;
|
||||||
unsigned int disable_time_checks:1;
|
|
||||||
unsigned int cert_in_cb:1;
|
unsigned int cert_in_cb:1;
|
||||||
|
|
||||||
struct crypto_public_key *server_rsa_key;
|
struct crypto_public_key *server_rsa_key;
|
||||||
|
|
|
@ -463,9 +463,9 @@ static int tls_process_certificate(struct tlsv1_client *conn, u8 ct,
|
||||||
x509_certificate_chain_free(chain);
|
x509_certificate_chain_free(chain);
|
||||||
return -1;
|
return -1;
|
||||||
} else if (conn->cred && conn->cred->ca_cert_verify &&
|
} else if (conn->cred && conn->cred->ca_cert_verify &&
|
||||||
x509_certificate_chain_validate(conn->cred->trusted_certs,
|
x509_certificate_chain_validate(
|
||||||
chain, &reason,
|
conn->cred->trusted_certs, chain, &reason,
|
||||||
conn->disable_time_checks)
|
!!(conn->flags & TLS_CONN_DISABLE_TIME_CHECKS))
|
||||||
< 0) {
|
< 0) {
|
||||||
int tls_reason;
|
int tls_reason;
|
||||||
wpa_printf(MSG_DEBUG, "TLSv1: Server certificate chain "
|
wpa_printf(MSG_DEBUG, "TLSv1: Server certificate chain "
|
||||||
|
|
Loading…
Reference in a new issue