hostapd: Add openssl_ecdh_curves configuration parameter
This makes it possible to use ECDSA certificates with EAP-TLS/TTLS/etc. It should be noted that when using Suite B, different mechanism is used to specify the allowed ECDH curves and this new parameter must not be used in such cases. Signed-off-by: Hristo Venev <hristo@venev.name>
This commit is contained in:
parent
0521c6ebb3
commit
d01203cafc
4 changed files with 6 additions and 0 deletions
|
@ -2505,6 +2505,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,
|
||||||
} else if (os_strcmp(buf, "openssl_ciphers") == 0) {
|
} else if (os_strcmp(buf, "openssl_ciphers") == 0) {
|
||||||
os_free(bss->openssl_ciphers);
|
os_free(bss->openssl_ciphers);
|
||||||
bss->openssl_ciphers = os_strdup(pos);
|
bss->openssl_ciphers = os_strdup(pos);
|
||||||
|
} else if (os_strcmp(buf, "openssl_ecdh_curves") == 0) {
|
||||||
|
os_free(bss->openssl_ecdh_curves);
|
||||||
|
bss->openssl_ecdh_curves = os_strdup(pos);
|
||||||
} else if (os_strcmp(buf, "fragment_size") == 0) {
|
} else if (os_strcmp(buf, "fragment_size") == 0) {
|
||||||
bss->fragment_size = atoi(pos);
|
bss->fragment_size = atoi(pos);
|
||||||
#ifdef EAP_SERVER_FAST
|
#ifdef EAP_SERVER_FAST
|
||||||
|
|
|
@ -543,6 +543,7 @@ void hostapd_config_free_bss(struct hostapd_bss_config *conf)
|
||||||
os_free(conf->ocsp_stapling_response_multi);
|
os_free(conf->ocsp_stapling_response_multi);
|
||||||
os_free(conf->dh_file);
|
os_free(conf->dh_file);
|
||||||
os_free(conf->openssl_ciphers);
|
os_free(conf->openssl_ciphers);
|
||||||
|
os_free(conf->openssl_ecdh_curves);
|
||||||
os_free(conf->pac_opaque_encr_key);
|
os_free(conf->pac_opaque_encr_key);
|
||||||
os_free(conf->eap_fast_a_id);
|
os_free(conf->eap_fast_a_id);
|
||||||
os_free(conf->eap_fast_a_id_info);
|
os_free(conf->eap_fast_a_id_info);
|
||||||
|
|
|
@ -395,6 +395,7 @@ struct hostapd_bss_config {
|
||||||
char *ocsp_stapling_response_multi;
|
char *ocsp_stapling_response_multi;
|
||||||
char *dh_file;
|
char *dh_file;
|
||||||
char *openssl_ciphers;
|
char *openssl_ciphers;
|
||||||
|
char *openssl_ecdh_curves;
|
||||||
u8 *pac_opaque_encr_key;
|
u8 *pac_opaque_encr_key;
|
||||||
u8 *eap_fast_a_id;
|
u8 *eap_fast_a_id;
|
||||||
size_t eap_fast_a_id_len;
|
size_t eap_fast_a_id_len;
|
||||||
|
|
|
@ -218,6 +218,7 @@ int authsrv_init(struct hostapd_data *hapd)
|
||||||
params.private_key_passwd = hapd->conf->private_key_passwd;
|
params.private_key_passwd = hapd->conf->private_key_passwd;
|
||||||
params.dh_file = hapd->conf->dh_file;
|
params.dh_file = hapd->conf->dh_file;
|
||||||
params.openssl_ciphers = hapd->conf->openssl_ciphers;
|
params.openssl_ciphers = hapd->conf->openssl_ciphers;
|
||||||
|
params.openssl_ecdh_curves = hapd->conf->openssl_ecdh_curves;
|
||||||
params.ocsp_stapling_response =
|
params.ocsp_stapling_response =
|
||||||
hapd->conf->ocsp_stapling_response;
|
hapd->conf->ocsp_stapling_response;
|
||||||
params.ocsp_stapling_response_multi =
|
params.ocsp_stapling_response_multi =
|
||||||
|
|
Loading…
Reference in a new issue