jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add phase1/phase2 parameter for disabling TLS Session Ticket extension

Browse source 
tls_disable_session_ticket=1 in phase1/phase2 can now be used to disable
use of TLS Session Ticket extension (which is enabled by default in
recent OpenSSL versions). This can be used to work around issues with
broken authentication servers that do not ignore unrecognized TLS
extensions properly.

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2012-08-17 22:21:28 +03:00
parent e866f39fbe
commit f210493b6e
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/eap_peer/eap_tls_common.c
View file

@ -48,6 +48,10 @@ static void eap_tls_params_flags(struct tls_connection_params *params,
params->flags |= TLS_CONN_ALLOW_SIGN_RSA_MD5;
if (os_strstr(txt, "tls_disable_time_checks=1"))
params->flags |= TLS_CONN_DISABLE_TIME_CHECKS;
if (os_strstr(txt, "tls_disable_session_ticket=1"))
params->flags |= TLS_CONN_DISABLE_SESSION_TICKET;
if (os_strstr(txt, "tls_disable_session_ticket=0"))
params->flags &= ~TLS_CONN_DISABLE_SESSION_TICKET;
}