hostapd: Allow OpenSSL cipherlist string to be configured

The new openssl_cipher configuration parameter can be used to select
which TLS cipher suites are enabled when hostapd is used as an EAP
server with OpenSSL as the TLS library.

Signed-off-by: Jouni Malinen <j@w1.fi>

src/ap/ap_config.c

@@ -444,6 +444,7 @@ void hostapd_config_free_bss(struct hostapd_bss_config *conf)
 	os_free(conf->private_key_passwd);
 	os_free(conf->ocsp_stapling_response);
 	os_free(conf->dh_file);
+	os_free(conf->openssl_ciphers);
 	os_free(conf->pac_opaque_encr_key);
 	os_free(conf->eap_fast_a_id);
 	os_free(conf->eap_fast_a_id_info);

src/ap/ap_config.h

@@ -302,6 +302,7 @@ struct hostapd_bss_config {
 	int check_crl;
 	char *ocsp_stapling_response;
 	char *dh_file;
+	char *openssl_ciphers;
 	u8 *pac_opaque_encr_key;
 	u8 *eap_fast_a_id;
 	size_t eap_fast_a_id_len;

src/ap/authsrv.c

@@ -158,6 +158,7 @@ int authsrv_init(struct hostapd_data *hapd)
 		params.private_key = hapd->conf->private_key;
 		params.private_key_passwd = hapd->conf->private_key_passwd;
 		params.dh_file = hapd->conf->dh_file;
+		params.openssl_ciphers = hapd->conf->openssl_ciphers;
 		params.ocsp_stapling_response =
 			hapd->conf->ocsp_stapling_response;