DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

OpenSSL: Allow two server certificates/keys to be configured on server

Browse source 
hostapd EAP server can now be configured with two separate server
certificates/keys to enable parallel operations using both RSA and ECC
public keys. The server will pick which one to use based on the client
preferences for the cipher suite (in the TLS ClientHello message). It
should be noted that number of deployed EAP peer implementations do not
filter out the cipher suite list based on their local configuration and
as such, configuration of alternative types of certificates on the
server may result in interoperability issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2019-07-12 18:11:53 +03:00
parent 857edf4bf4
commit e2722bf81d
7 changed files with 43 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/crypto/tls_openssl.c
View file

@ -5228,6 +5228,9 @@ int tls_global_set_params(void *tls_ctx,
tls_global_client_cert(data, params->client_cert) ||
tls_global_private_key(data, params->private_key,
params->private_key_passwd) ||
tls_global_client_cert(data, params->client_cert2) ||
tls_global_private_key(data, params->private_key2,
params->private_key_passwd2) ||
tls_global_dh(data, params->dh_file)) {
wpa_printf(MSG_INFO, "TLS: Failed to set global parameters");
return -1;