hostapd: Add openssl_ecdh_curves configuration parameter

This makes it possible to use ECDSA certificates with EAP-TLS/TTLS/etc.
It should be noted that when using Suite B, different mechanism is used
to specify the allowed ECDH curves and this new parameter must not be
used in such cases.

Signed-off-by: Hristo Venev <hristo@venev.name>
This commit is contained in:
Hristo Venev 2017-04-20 14:44:31 +01:00 committed by Jouni Malinen
parent 0521c6ebb3
commit d01203cafc
4 changed files with 6 additions and 0 deletions

View file

@ -2505,6 +2505,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,
} else if (os_strcmp(buf, "openssl_ciphers") == 0) { } else if (os_strcmp(buf, "openssl_ciphers") == 0) {
os_free(bss->openssl_ciphers); os_free(bss->openssl_ciphers);
bss->openssl_ciphers = os_strdup(pos); bss->openssl_ciphers = os_strdup(pos);
} else if (os_strcmp(buf, "openssl_ecdh_curves") == 0) {
os_free(bss->openssl_ecdh_curves);
bss->openssl_ecdh_curves = os_strdup(pos);
} else if (os_strcmp(buf, "fragment_size") == 0) { } else if (os_strcmp(buf, "fragment_size") == 0) {
bss->fragment_size = atoi(pos); bss->fragment_size = atoi(pos);
#ifdef EAP_SERVER_FAST #ifdef EAP_SERVER_FAST

View file

@ -543,6 +543,7 @@ void hostapd_config_free_bss(struct hostapd_bss_config *conf)
os_free(conf->ocsp_stapling_response_multi); os_free(conf->ocsp_stapling_response_multi);
os_free(conf->dh_file); os_free(conf->dh_file);
os_free(conf->openssl_ciphers); os_free(conf->openssl_ciphers);
os_free(conf->openssl_ecdh_curves);
os_free(conf->pac_opaque_encr_key); os_free(conf->pac_opaque_encr_key);
os_free(conf->eap_fast_a_id); os_free(conf->eap_fast_a_id);
os_free(conf->eap_fast_a_id_info); os_free(conf->eap_fast_a_id_info);

View file

@ -395,6 +395,7 @@ struct hostapd_bss_config {
char *ocsp_stapling_response_multi; char *ocsp_stapling_response_multi;
char *dh_file; char *dh_file;
char *openssl_ciphers; char *openssl_ciphers;
char *openssl_ecdh_curves;
u8 *pac_opaque_encr_key; u8 *pac_opaque_encr_key;
u8 *eap_fast_a_id; u8 *eap_fast_a_id;
size_t eap_fast_a_id_len; size_t eap_fast_a_id_len;

View file

@ -218,6 +218,7 @@ int authsrv_init(struct hostapd_data *hapd)
params.private_key_passwd = hapd->conf->private_key_passwd; params.private_key_passwd = hapd->conf->private_key_passwd;
params.dh_file = hapd->conf->dh_file; params.dh_file = hapd->conf->dh_file;
params.openssl_ciphers = hapd->conf->openssl_ciphers; params.openssl_ciphers = hapd->conf->openssl_ciphers;
params.openssl_ecdh_curves = hapd->conf->openssl_ecdh_curves;
params.ocsp_stapling_response = params.ocsp_stapling_response =
hapd->conf->ocsp_stapling_response; hapd->conf->ocsp_stapling_response;
params.ocsp_stapling_response_multi = params.ocsp_stapling_response_multi =