DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

EAP peer config: Move ocsp param to phase1/phase2

Browse source 
OCSP configuration is applicable to each instance of TLS-based
authentication and as such, the configuration might need to be different
for Phase 1 and Phase 2. Move ocsp into struct eap_peer_cert_config and
add a separate ocsp2 network profile parameter to set this for Phase 2.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2019-09-01 16:07:58 +03:00
parent e0ee87c706
commit 043de65f1c
6 changed files with 21 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/eap_peer/eap_tls_common.c
View file

@ -125,6 +125,12 @@ static void eap_tls_cert_params_from_conf(struct tls_connection_params *params,
params->key_id = config->key_id;
params->cert_id = config->cert_id;
params->ca_cert_id = config->ca_cert_id;
if (config->ocsp)
params->flags |= TLS_CONN_REQUEST_OCSP;
if (config->ocsp >= 2)
params->flags |= TLS_CONN_REQUIRE_OCSP;
if (config->ocsp == 3)
params->flags |= TLS_CONN_REQUIRE_OCSP_ALL;
}
@ -233,12 +239,6 @@ static int eap_tls_init_connection(struct eap_sm *sm,
{
int res;
if (config->ocsp)
params->flags |= TLS_CONN_REQUEST_OCSP;
if (config->ocsp >= 2)
params->flags |= TLS_CONN_REQUIRE_OCSP;
if (config->ocsp == 3)
params->flags |= TLS_CONN_REQUIRE_OCSP_ALL;
data->conn = tls_connection_init(data->ssl_ctx);
if (data->conn == NULL) {
wpa_printf(MSG_INFO, "SSL: Failed to initialize new TLS "