Remove DH file configuration from TLS client functionality

The DH file parameters are applicable only for the TLS server, so this parameter did not really have any impact to functionality. Remove it to get rid of useless code and confusing documentation for the network block configuration. Signed-off-by: Jouni Malinen <j@w1.fi>
2022-04-15 23:30:10 +03:00 · 2022-04-15 23:30:10 +03:00 · 65652c67f5
commit 65652c67f5
parent b08d100de6
7 changed files with 29 additions and 41 deletions
--- a/src/eap_peer/eap_config.h
+++ b/src/eap_peer/eap_config.h
@ -103,24 +103,6 @@ struct eap_peer_cert_config {
 	 */
 	char *private_key_passwd;

-	/**
-	 * dh_file - File path to DH/DSA parameters file (in PEM format)
-	 *
-	 * This is an optional configuration file for setting parameters for an
-	 * ephemeral DH key exchange. In most cases, the default RSA
-	 * authentication does not use this configuration. However, it is
-	 * possible setup RSA to use ephemeral DH key exchange. In addition,
-	 * ciphers with DSA keys always use ephemeral DH keys. This can be used
-	 * to achieve forward secrecy. If the file is in DSA parameters format,
-	 * it will be automatically converted into DH params. Full path to the
-	 * file should be used since working directory may change when
-	 * wpa_supplicant is run in the background.
-	 *
-	 * Alternatively, a named configuration blob can be used by setting
-	 * this to blob://blob_name.
-	 */
-	char *dh_file;
-
 	/**
 	 * subject_match - Constraint for server certificate subject
 	 *
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@ -113,7 +113,6 @@ static void eap_tls_cert_params_from_conf(struct tls_connection_params *params,
 	params->client_cert = config->client_cert;
 	params->private_key = config->private_key;
 	params->private_key_passwd = config->private_key_passwd;
-	params->dh_file = config->dh_file;
 	params->subject_match = config->subject_match;
 	params->altsubject_match = config->altsubject_match;
 	params->check_cert_subject = config->check_cert_subject;
@ -230,9 +229,7 @@ static int eap_tls_params_from_conf(struct eap_sm *sm,
 			       &params->client_cert_blob_len) ||
 	    eap_tls_check_blob(sm, &params->private_key,
 			       &params->private_key_blob,
-			       &params->private_key_blob_len) ||
-	    eap_tls_check_blob(sm, &params->dh_file, &params->dh_blob,
-			       &params->dh_blob_len)) {
+			       &params->private_key_blob_len)) {
 		wpa_printf(MSG_INFO, "SSL: Failed to get configuration blobs");
 		return -1;
 	}