Pass a client identity to pt_tls_client, usable for TLS or SASL authentication
authorMartin Willi <martin@revosec.ch>
Wed, 27 Feb 2013 13:11:00 +0000 (14:11 +0100)
committerMartin Willi <martin@revosec.ch>
Thu, 28 Feb 2013 15:46:07 +0000 (16:46 +0100)
src/libpttls/pt_tls_client.c
src/libpttls/pt_tls_client.h

index 7f91ae6..2f695ee 100644 (file)
@@ -48,7 +48,12 @@ struct private_pt_tls_client_t {
        /**
         * Server identity
         */
-       identification_t *id;
+       identification_t *server;
+
+       /**
+        * Client authentication identity
+        */
+       identification_t *client;
 
        /**
         * Current PT-TLS message identifier
@@ -77,7 +82,7 @@ static bool make_connection(private_pt_tls_client_t *this)
                return FALSE;
        }
 
-       this->tls = tls_socket_create(FALSE, this->id, NULL, fd, NULL);
+       this->tls = tls_socket_create(FALSE, this->server, this->client, fd, NULL);
        if (!this->tls)
        {
                close(fd);
@@ -283,14 +288,16 @@ METHOD(pt_tls_client_t, destroy, void,
                close(fd);
        }
        this->address->destroy(this->address);
-       this->id->destroy(this->id);
+       this->server->destroy(this->server);
+       this->client->destroy(this->client);
        free(this);
 }
 
 /**
  * See header
  */
-pt_tls_client_t *pt_tls_client_create(host_t *address, identification_t *id)
+pt_tls_client_t *pt_tls_client_create(host_t *address, identification_t *server,
+                                                                         identification_t *client)
 {
        private_pt_tls_client_t *this;
 
@@ -300,7 +307,8 @@ pt_tls_client_t *pt_tls_client_create(host_t *address, identification_t *id)
                        .destroy = _destroy,
                },
                .address = address,
-               .id = id,
+               .server = server,
+               .client = client,
        );
 
        return &this->public;
index 2e05536..1d418d1 100644 (file)
@@ -50,10 +50,16 @@ struct pt_tls_client_t {
 /**
  * Create a pt_tls_client instance.
  *
+ * The client identity is used for:
+ * - TLS authentication if an appropirate certificate is found
+ * - SASL authentication if requested from the server
+ *
  * @param address              address/port to run assessments against, gets owned
- * @param id                   server identity to use for authentication, gets owned
+ * @param server               server identity to use for authentication, gets owned
+ * @param client               client identity to use for authentication, gets owned
  * @return                             PT-TLS context
  */
-pt_tls_client_t *pt_tls_client_create(host_t *address, identification_t *id);
+pt_tls_client_t *pt_tls_client_create(host_t *address, identification_t *server,
+                                                                         identification_t *client);
 
 #endif /** PT_TLS_CLIENT_H_ @}*/
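Review bot: The new `@param client` line documents ownership ("gets owned") but not whether a NULL client identity is permitted, which is what the implementation's unconditional destroy depends on; I would state it explicitly, e.g. `@param client client identity to use for authentication, gets owned, must not be NULL` or, if NULL is meant to mean "no client authentication", say so instead. The added comment also misspells "appropirate" in `- TLS authentication if an appropirate certificate is found`; it should read "appropriate". It would further help callers to say that when no suitable certificate is found the TLS handshake proceeds without client authentication, if that is indeed the behaviour the wording intends.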