Use struct eap_config as-is within struct eap_sm and EAPOL authenticator
to avoid having to duplicate all the configuration variables at each
interface. Split the couple of session specific variables into a
separate struct to allow a single const struct eap_config to be used.
Signed-off-by: Jouni Malinen <j@w1.fi>
Add the ability to ignore time-based CRL errors from OpenSSL by
specifying a new configuration parameter, check_crl_strict=0.
This causes the following:
- This setting does nothing when CRL checking is not enabled.
- When CRL is enabled, "strict mode" will cause CRL time errors to not
be ignored and will continue behaving as it currently does.
- When CRL is enabled, disabling strict mode will cause CRL time
errors to be ignored and will allow connections.
By default, check_crl_strict is set to 1, or strict mode, to keep
current functionality.
Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
The internal TLS implementation supports number of additional cipher
suites that require DH parameters to be set on the server. Such a cipher
suite is selected by default in the eap_example case which prevented the
TLS handshake from completing successfully. Fix this by adding DH
parameters to the server configuration.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
In addition, start ordering header file includes to be in more
consistent order: system header files, src/utils, src/*, same
directory as the *.c file.
It looks like GnuTLS does not know how to parse the previously used
DER-formatted PKCS#1 private key (server.key). To work around this, use
a PEM-formatted version of the same key. This format can now be used by
OpenSSL, GnuTLS, and the internal TLS implementation.
