Make TLS version number available in STATUS command
This adds a new STATUS command field "eap_tls_version" that shows the TLS version number that was used during EAP-TLS/TTLS/PEAP/FAST exchange. For now, this is only supported with OpenSSL. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
5650d379a3
commit
fe1bf32974
6 changed files with 68 additions and 12 deletions
|
@ -466,6 +466,19 @@ int __must_check tls_connection_set_cipher_list(void *tls_ctx,
|
|||
struct tls_connection *conn,
|
||||
u8 *ciphers);
|
||||
|
||||
/**
|
||||
* tls_get_version - Get the current TLS version number
|
||||
* @tls_ctx: TLS context data from tls_init()
|
||||
* @conn: Connection context data from tls_connection_init()
|
||||
* @buf: Buffer for returning the TLS version number
|
||||
* @buflen: buf size
|
||||
* Returns: 0 on success, -1 on failure
|
||||
*
|
||||
* Get the currently used TLS version number.
|
||||
*/
|
||||
int __must_check tls_get_version(void *tls_ctx, struct tls_connection *conn,
|
||||
char *buf, size_t buflen);
|
||||
|
||||
/**
|
||||
* tls_get_cipher - Get current cipher name
|
||||
* @tls_ctx: TLS context data from tls_init()
|
||||
|
|
|
@ -1426,6 +1426,14 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
|
|||
}
|
||||
|
||||
|
||||
int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
|
||||
char *buf, size_t buflen)
|
||||
{
|
||||
/* TODO */
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
|
||||
char *buf, size_t buflen)
|
||||
{
|
||||
|
|
|
@ -617,6 +617,14 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
|
|||
}
|
||||
|
||||
|
||||
int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
|
||||
char *buf, size_t buflen)
|
||||
{
|
||||
/* TODO */
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
|
||||
char *buf, size_t buflen)
|
||||
{
|
||||
|
|
|
@ -140,6 +140,13 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
|
|||
}
|
||||
|
||||
|
||||
int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
|
||||
char *buf, size_t buflen)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
|
||||
char *buf, size_t buflen)
|
||||
{
|
||||
|
|
|
@ -3097,6 +3097,22 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
|
|||
}
|
||||
|
||||
|
||||
int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
|
||||
char *buf, size_t buflen)
|
||||
{
|
||||
const char *name;
|
||||
if (conn == NULL || conn->ssl == NULL)
|
||||
return -1;
|
||||
|
||||
name = SSL_get_version(conn->ssl);
|
||||
if (name == NULL)
|
||||
return -1;
|
||||
|
||||
os_strlcpy(buf, name, buflen);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
|
||||
char *buf, size_t buflen)
|
||||
{
|
||||
|
|
|
@ -753,20 +753,24 @@ int eap_peer_tls_reauth_init(struct eap_sm *sm, struct eap_ssl_data *data)
|
|||
int eap_peer_tls_status(struct eap_sm *sm, struct eap_ssl_data *data,
|
||||
char *buf, size_t buflen, int verbose)
|
||||
{
|
||||
char name[128];
|
||||
char version[20], name[128];
|
||||
int len = 0, ret;
|
||||
|
||||
if (tls_get_cipher(data->ssl_ctx, data->conn, name, sizeof(name)) == 0)
|
||||
{
|
||||
ret = os_snprintf(buf + len, buflen - len,
|
||||
"EAP TLS cipher=%s\n"
|
||||
"tls_session_reused=%d\n",
|
||||
name, tls_connection_resumed(data->ssl_ctx,
|
||||
data->conn));
|
||||
if (os_snprintf_error(buflen - len, ret))
|
||||
return len;
|
||||
len += ret;
|
||||
}
|
||||
if (tls_get_version(data->ssl_ctx, data->conn, version,
|
||||
sizeof(version)) < 0)
|
||||
version[0] = '\0';
|
||||
if (tls_get_cipher(data->ssl_ctx, data->conn, name, sizeof(name)) < 0)
|
||||
name[0] = '\0';
|
||||
|
||||
ret = os_snprintf(buf + len, buflen - len,
|
||||
"eap_tls_version=%s\n"
|
||||
"EAP TLS cipher=%s\n"
|
||||
"tls_session_reused=%d\n",
|
||||
version, name,
|
||||
tls_connection_resumed(data->ssl_ctx, data->conn));
|
||||
if (os_snprintf_error(buflen - len, ret))
|
||||
return len;
|
||||
len += ret;
|
||||
|
||||
return len;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue