tls: Introduce a generic TLS purpose that accepts NULL encryption ciphers
authorMartin Willi <martin@revosec.ch>
Tue, 25 Mar 2014 08:49:04 +0000 (09:49 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 1 Apr 2014 12:28:55 +0000 (14:28 +0200)
scripts/tls_test.c
src/libtls/tls.c
src/libtls/tls.h
src/libtls/tls_crypto.c

index 7ec477a..3d47f6f 100644 (file)
@@ -105,7 +105,7 @@ static int run_client(host_t *host, identification_t *server,
                        close(fd);
                        return 1;
                }
-               tls = tls_socket_create(FALSE, server, client, fd, cache);
+               tls = tls_socket_create(FALSE, server, client, fd, cache, TRUE);
                if (!tls)
                {
                        close(fd);
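Review bot: The new sixth argument is passed as a bare `TRUE` here and again in the `serve()` hunk below, so the test tool appears to accept NULL-encryption suites on every run, as client and as server, with nothing at the call site saying so. Judging by the commit title the flag is the NULL-cipher switch, though the `tls_socket_create()` prototype is not part of this diff. A run that negotiates a NULL suite will look like a successful TLS test while the payload crosses the wire in cleartext. I would label the argument, e.g. `tls = tls_socket_create(FALSE, server, client, fd, cache, /* nullok */ TRUE);`, and consider driving it from a command-line switch that defaults to FALSE. `run_client()` starts and ends outside the hunk, so whether option parsing is reachable from there is not visible.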
@@ -162,7 +162,7 @@ static int serve(host_t *host, identification_t *server,
                }
                DBG1(DBG_TLS, "%#H connected", host);
 
-               tls = tls_socket_create(TRUE, server, NULL, cfd, cache);
+               tls = tls_socket_create(TRUE, server, NULL, cfd, cache, TRUE);
                if (!tls)
                {
                        close(fd);
index 7314602..6e29558 100644 (file)
@@ -447,6 +447,7 @@ tls_t *tls_create(bool is_server, identification_t *server,
                case TLS_PURPOSE_EAP_TTLS:
                case TLS_PURPOSE_EAP_PEAP:
                case TLS_PURPOSE_GENERIC:
+               case TLS_PURPOSE_GENERIC_NULLOK:
                        break;
                default:
                        return NULL;
index db332fb..fc1d9b9 100644 (file)
@@ -107,6 +107,8 @@ enum tls_purpose_t {
        TLS_PURPOSE_EAP_PEAP,
        /** non-EAP TLS */
        TLS_PURPOSE_GENERIC,
+       /** non-EAP TLS accepting NULL encryption */
+       TLS_PURPOSE_GENERIC_NULLOK,
        /** EAP binding for TNC */
        TLS_PURPOSE_EAP_TNC
 };
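Review bot: The doc comment on `TLS_PURPOSE_GENERIC_NULLOK` should say what a caller gives up by choosing it: NULL-encryption suites generally keep the MAC, so data is still integrity-protected, but there is no confidentiality. Something like `/** non-EAP TLS, also accepts NULL encryption suites (integrity only, no confidentiality); prefer TLS_PURPOSE_GENERIC unless cleartext is acceptable */` makes the safe default obvious. Separately, the new constant is inserted before `TLS_PURPOSE_EAP_TNC`, which changes that enumerator's numeric value. If any out-of-tree code is built against the old header, appending the new value at the end would avoid the shift. The enum starts outside the hunk.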
index 6addad8..4f67b20 100644 (file)
@@ -1846,6 +1846,9 @@ tls_crypto_t *tls_crypto_create(tls_t *tls, tls_cache_t *cache)
                case TLS_PURPOSE_GENERIC:
                        build_cipher_suite_list(this, TRUE);
                        break;
+               case TLS_PURPOSE_GENERIC_NULLOK:
+                       build_cipher_suite_list(this, FALSE);
+                       break;
                default:
                        break;
        }
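Review bot: The only difference between the two generic cases is the bare boolean passed to `build_cipher_suite_list()`, and its meaning (presumably "require encryption") cannot be read from the call. A short comment on the new case, e.g. `/* FALSE: do not filter out NULL-encryption suites */`, would keep a later reader from flipping it by accident. Since `build_cipher_suite_list()` is not in this diff, it is worth confirming that NULL suites end up last in the preference order, so they are only negotiated when the peer offers nothing stronger. It is also worth confirming that the selected suite is logged, so a cleartext session is visible in the debug output. `tls_crypto_create()` begins and ends outside the hunk.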