Make TLS version number available in STATUS command

This adds a new STATUS command field "eap_tls_version" that shows the TLS version number that was used during EAP-TLS/TTLS/PEAP/FAST exchange. For now, this is only supported with OpenSSL. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-08 19:51:03 +03:00 · 2015-07-08 19:51:03 +03:00 · fe1bf32974
commit fe1bf32974
parent 5650d379a3
6 changed files with 68 additions and 12 deletions
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@ -466,6 +466,19 @@ int __must_check tls_connection_set_cipher_list(void *tls_ctx,
 						struct tls_connection *conn,
 						u8 *ciphers);

+/**
+ * tls_get_version - Get the current TLS version number
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * @buf: Buffer for returning the TLS version number
+ * @buflen: buf size
+ * Returns: 0 on success, -1 on failure
+ *
+ * Get the currently used TLS version number.
+ */
+int __must_check tls_get_version(void *tls_ctx, struct tls_connection *conn,
+				 char *buf, size_t buflen);
+
 /**
 * tls_get_cipher - Get current cipher name
 * @tls_ctx: TLS context data from tls_init()
--- a/src/crypto/tls_gnutls.c
+++ b/src/crypto/tls_gnutls.c
@ -1426,6 +1426,14 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
 }


+int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
+		    char *buf, size_t buflen)
+{
+	/* TODO */
+	return -1;
+}
+
+
 int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
 		   char *buf, size_t buflen)
 {
--- a/src/crypto/tls_internal.c
+++ b/src/crypto/tls_internal.c
@ -617,6 +617,14 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
 }


+int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
+		    char *buf, size_t buflen)
+{
+	/* TODO */
+	return -1;
+}
+
+
 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
 		   char *buf, size_t buflen)
 {
--- a/src/crypto/tls_none.c
+++ b/src/crypto/tls_none.c
@ -140,6 +140,13 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
 }


+int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
+		    char *buf, size_t buflen)
+{
+	return -1;
+}
+
+
 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn,
 		   char *buf, size_t buflen)
 {
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@ -3097,6 +3097,22 @@ int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn,
 }


+int tls_get_version(void *ssl_ctx, struct tls_connection *conn,
+		    char *buf, size_t buflen)
+{
+	const char *name;
+	if (conn == NULL || conn->ssl == NULL)
+		return -1;
+
+	name = SSL_get_version(conn->ssl);
+	if (name == NULL)
+		return -1;
+
+	os_strlcpy(buf, name, buflen);
+	return 0;
+}
+
+
 int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn,
 		   char *buf, size_t buflen)
 {