Add hostapd tls_flags parameter

This can be used to set the TLS flags for authentication server.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

src/eap_server/eap.h

@@ -132,6 +132,7 @@ struct eap_config {
 	size_t server_id_len;
 	int erp;
 	unsigned int tls_session_lifetime;
+	unsigned int tls_flags;
 
 #ifdef CONFIG_TESTING_OPTIONS
 	u32 tls_test_flags;

src/eap_server/eap_i.h

@@ -211,6 +211,7 @@ struct eap_sm {
 	Boolean try_initiate_reauth;
 	int erp;
 	unsigned int tls_session_lifetime;
+	unsigned int tls_flags;
 
 #ifdef CONFIG_TESTING_OPTIONS
 	u32 tls_test_flags;

src/eap_server/eap_server.c

@@ -1868,6 +1868,7 @@ struct eap_sm * eap_server_sm_init(void *eapol_ctx,
 	sm->server_id_len = conf->server_id_len;
 	sm->erp = conf->erp;
 	sm->tls_session_lifetime = conf->tls_session_lifetime;
+	sm->tls_flags = conf->tls_flags;
 
 #ifdef CONFIG_TESTING_OPTIONS
 	sm->tls_test_flags = conf->tls_test_flags;

src/eap_server/eap_server_tls_common.c

@@ -47,7 +47,7 @@ int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
 			    int verify_peer, int eap_type)
 {
 	u8 session_ctx[8];
-	unsigned int flags = 0;
+	unsigned int flags = sm->tls_flags;
 
 	if (sm->ssl_ctx == NULL) {
 		wpa_printf(MSG_ERROR, "TLS context not initialized - cannot use TLS-based EAP method");