DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

GnuTLS: Add support for disabling TLS versions

Browse source 
This extends GnuTLS support for tls_disable_v1_{0,1,2}=1 flags in the
phase1 network profile parameter in wpa_supplicant.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2017-12-28 18:03:29 +02:00
parent 5d292fcfbd
commit dd227e67ab
1 changed files with 23 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
src/crypto/tls_gnutls.c
View file

@ -397,6 +397,29 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
conn->flags = params->flags; conn->flags = params->flags;
if (params->flags & (TLS_CONN_DISABLE_TLSv1_0 |
TLS_CONN_DISABLE_TLSv1_1 |
TLS_CONN_DISABLE_TLSv1_2)) {
const char *err;
char prio[100];
os_snprintf(prio, sizeof(prio), "NORMAL:-VERS-SSL3.0%s%s%s",
params->flags & TLS_CONN_DISABLE_TLSv1_0 ?
":-VERS-TLS1.0" : "",
params->flags & TLS_CONN_DISABLE_TLSv1_1 ?
":-VERS-TLS1.1" : "",
params->flags & TLS_CONN_DISABLE_TLSv1_2 ?
":-VERS-TLS1.2" : "");
wpa_printf(MSG_DEBUG, "GnuTLS: Set priority string: %s", prio);
ret = gnutls_priority_set_direct(conn->session, prio, &err);
if (ret < 0) {
wpa_printf(MSG_ERROR,
"GnuTLS: Priority string failure at '%s'",
err);
return -1;
}
}
if (params->openssl_ciphers) { if (params->openssl_ciphers) {
wpa_printf(MSG_INFO, "GnuTLS: openssl_ciphers not supported"); wpa_printf(MSG_INFO, "GnuTLS: openssl_ciphers not supported");
return -1; return -1;