From 806126eab2b0a0b0170a6eef70a30856f4fc947f Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Wed, 27 Feb 2013 14:11:00 +0100
Subject: [PATCH] Pass a client identity to pt_tls_client, usable for TLS or SASL authentication

---
 src/libpttls/pt_tls_client.c | 18 +++++++++++++-----
 src/libpttls/pt_tls_client.h | 10 ++++++++--
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/src/libpttls/pt_tls_client.c b/src/libpttls/pt_tls_client.c
index 7f91ae6..2f695ee 100644
--- a/src/libpttls/pt_tls_client.c
+++ b/src/libpttls/pt_tls_client.c
@@ -48,7 +48,12 @@ struct private_pt_tls_client_t {
 /**
 * Server identity
 */
- identification_t *id;
+ identification_t *server;
+
+ /**
+ * Client authentication identity
+ */
+ identification_t *client;
 
 /**
 * Current PT-TLS message identifier
@@ -77,7 +82,7 @@ static bool make_connection(private_pt_tls_client_t *this)
 return FALSE;
 }
 
- this->tls = tls_socket_create(FALSE, this->id, NULL, fd, NULL);
+ this->tls = tls_socket_create(FALSE, this->server, this->client, fd, NULL);
 if (!this->tls)
 {
 close(fd);
@@ -283,14 +288,16 @@ METHOD(pt_tls_client_t, destroy, void,
 close(fd);
 }
 this->address->destroy(this->address);
- this->id->destroy(this->id);
+ this->server->destroy(this->server);
+ this->client->destroy(this->client);
 free(this);
 }
 
 /**
 * See header
 */
-pt_tls_client_t *pt_tls_client_create(host_t *address, identification_t *id)
+pt_tls_client_t *pt_tls_client_create(host_t *address, identification_t *server,
+ identification_t *client)
 {
 private_pt_tls_client_t *this;
 
@@ -300,7 +307,8 @@ pt_tls_client_t *pt_tls_client_create(host_t *address, identification_t *id)
 .destroy = _destroy,
 },
 .address = address,
- .id = id,
+ .server = server,
+ .client = client,
 );
 
 return &this->public;
diff --git a/src/libpttls/pt_tls_client.h b/src/libpttls/pt_tls_client.h
index 2e05536..1d418d1 100644
--- a/src/libpttls/pt_tls_client.h
+++ b/src/libpttls/pt_tls_client.h
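Review bot: In the destroy() hunk, `this->client->destroy(this->client);` dereferences the client identity unconditionally, while the call this commit replaces passed NULL as the client identity to tls_socket_create(), so a caller that wants to keep connecting without a client identity would presumably pass NULL and crash on teardown. If NULL is meant to stay valid, guard the release, e.g. `DESTROY_IF(this->client);`; if it is not, pt_tls_client_create() should reject NULL up front rather than fail at destroy time. The body of destroy() starts outside the hunk, and how tls_socket_create() treats a NULL peer identity is not visible here.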
@@ -50,10 +50,16 @@ struct pt_tls_client_t {
 /**
 * Create a pt_tls_client instance.
 *
+ * The client identity is used for:
+ * - TLS authentication if an appropirate certificate is found
+ * - SASL authentication if requested from the server
+ *
 * @param address address/port to run assessments against, gets owned
- * @param id server identity to use for authentication, gets owned
+ * @param server server identity to use for authentication, gets owned
+ * @param client client identity to use for authentication, gets owned
 * @return PT-TLS context
 */
-pt_tls_client_t *pt_tls_client_create(host_t *address, identification_t *id);
+pt_tls_client_t *pt_tls_client_create(host_t *address, identification_t *server,
+ identification_t *client);
 
 #endif /** PT_TLS_CLIENT_H_ @}*/
-- 
2.7.4
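Review bot: The doc comment on pt_tls_client_create() does not state whether `client` may be NULL, nor what happens when no matching certificate is found, so callers cannot tell from the header whether the session then proceeds without client authentication. Extending the parameter line, e.g. `@param client client identity to use for authentication, gets owned (must not be NULL)` or the NULL-allowed equivalent, would pin down the contract. In the same comment, `appropirate` should read `appropriate`.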