TLS: Add new arguments to tls_connection_set_verify()

The new flags and session_ctx arguments will be used in followup commits. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-23 21:11:01 +03:00 · 2015-08-23 21:11:01 +03:00 · bfbebd2665
commit bfbebd2665
parent bd9b8b2b68
6 changed files with 19 additions and 6 deletions
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@ -46,6 +46,8 @@ static void eap_server_tls_log_cb(void *ctx, const char *msg)
 int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
 			    int verify_peer)
 {
+	unsigned int flags = 0;
+
 	if (sm->ssl_ctx == NULL) {
 		wpa_printf(MSG_ERROR, "TLS context not initialized - cannot use TLS-based EAP method");
 		return -1;
@ -68,7 +70,8 @@ int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
 #endif /* CONFIG_TESTING_OPTIONS */
 #endif /* CONFIG_TLS_INTERNAL */

-	if (tls_connection_set_verify(sm->ssl_ctx, data->conn, verify_peer)) {
+	if (tls_connection_set_verify(sm->ssl_ctx, data->conn, verify_peer,
+				      flags, NULL, 0)) {
 		wpa_printf(MSG_INFO, "SSL: Failed to configure verification "
 			   "of TLS peer certificate");
 		tls_connection_deinit(sm->ssl_ctx, data->conn);