Add phase1/phase2 parameter for disabling TLS Session Ticket extension
tls_disable_session_ticket=1 in phase1/phase2 can now be used to disable use of TLS Session Ticket extension (which is enabled by default in recent OpenSSL versions). This can be used to work around issues with broken authentication servers that do not ignore unrecognized TLS extensions properly. Signed-hostap: Jouni Malinen <j@w1.fi>
parent
e866f39fbe
commit
f210493b6e
1 changed files with 4 additions and 0 deletions
|
@ -48,6 +48,10 @@ static void eap_tls_params_flags(struct tls_connection_params *params,
|
||||||
params->flags |= TLS_CONN_ALLOW_SIGN_RSA_MD5;
|
params->flags |= TLS_CONN_ALLOW_SIGN_RSA_MD5;
|
||||||
if (os_strstr(txt, "tls_disable_time_checks=1"))
|
if (os_strstr(txt, "tls_disable_time_checks=1"))
|
||||||
params->flags |= TLS_CONN_DISABLE_TIME_CHECKS;
|
params->flags |= TLS_CONN_DISABLE_TIME_CHECKS;
|
||||||
|
if (os_strstr(txt, "tls_disable_session_ticket=1"))
|
||||||
|
params->flags |= TLS_CONN_DISABLE_SESSION_TICKET;
|
||||||
|
if (os_strstr(txt, "tls_disable_session_ticket=0"))
|
||||||
|
params->flags &= ~TLS_CONN_DISABLE_SESSION_TICKET;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
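Review bot: The two added `os_strstr()` tests match `tls_disable_session_ticket=1` and `tls_disable_session_ticket=0` as bare substrings of the phase1/phase2 text, so a value such as `tls_disable_session_ticket=10` or a longer key that ends in the same name also toggles the flag. When both forms are present, `=0` wins only because it is tested second, and nothing in the hunk says that this ordering is intended. For this flag a stray match only stops the extension from being sent. The context lines use the same matching for `tls_disable_time_checks=1`, which by its name relaxes certificate time validation, so matching on token boundaries would be worth doing for the whole function. At minimum I would add a comment above the new lines, for example `/* "=0" is tested last so that it takes precedence over "=1" */`. eap_tls_params_flags() starts above the hunk, so earlier handling of `txt` is not visible here.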