int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data, int verify_peer, int eap_type) { u8 session_ctx[8]; unsigned int flags = 0; if (sm->ssl_ctx == NULL) { wpa_printf(MSG_ERROR, "TLS context not initialized - cannot use TLS-based EAP method"); return -1; } data->eap = sm; data->phase2 = sm->init_phase2; data->conn = tls_connection_init(sm->ssl_ctx); if (data->conn == NULL) { wpa_printf(MSG_INFO, "SSL: Failed to initialize new TLS " "connection"); return -1; } #ifdef CONFIG_TLS_INTERNAL tls_connection_set_log_cb(data->conn, eap_server_tls_log_cb, sm); #ifdef CONFIG_TESTING_OPTIONS tls_connection_set_test_flags(data->conn, sm->tls_test_flags); #endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TLS_INTERNAL */ if (eap_type != EAP_TYPE_FAST) flags |= TLS_CONN_DISABLE_SESSION_TICKET; os_memcpy(session_ctx, "hostapd", 7); session_ctx[7] = (u8) eap_type; if (tls_connection_set_verify(sm->ssl_ctx, data->conn, verify_peer, flags, session_ctx, sizeof(session_ctx))) { wpa_printf(MSG_INFO, "SSL: Failed to configure verification " "of TLS peer certificate"); tls_connection_deinit(sm->ssl_ctx, data->conn); data->conn = NULL; return -1; } data->tls_out_limit = sm->fragment_size > 0 ? sm->fragment_size : 1398; if (data->phase2) { /* Limit the fragment size in the inner TLS authentication * since the outer authentication with EAP-PEAP does not yet * support fragmentation */ if (data->tls_out_limit > 100) data->tls_out_limit -= 100; } return 0; }
int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data, int verify_peer) { if (sm->ssl_ctx == NULL) { wpa_printf(MSG_ERROR, "TLS context not initialized - cannot use TLS-based EAP method"); return -1; } data->eap = sm; data->phase2 = sm->init_phase2; data->conn = tls_connection_init(sm->ssl_ctx); if (data->conn == NULL) { wpa_printf(MSG_INFO, "SSL: Failed to initialize new TLS " "connection"); return -1; } #ifdef CONFIG_TLS_INTERNAL tls_connection_set_log_cb(data->conn, eap_server_tls_log_cb, sm); #ifdef CONFIG_TESTING_OPTIONS tls_connection_set_test_flags(data->conn, sm->tls_test_flags); #endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TLS_INTERNAL */ if (tls_connection_set_verify(sm->ssl_ctx, data->conn, verify_peer)) { wpa_printf(MSG_INFO, "SSL: Failed to configure verification " "of TLS peer certificate"); tls_connection_deinit(sm->ssl_ctx, data->conn); data->conn = NULL; return -1; } data->tls_out_limit = sm->fragment_size > 0 ? sm->fragment_size : 1398; if (data->phase2) { /* Limit the fragment size in the inner TLS authentication * since the outer authentication with EAP-PEAP does not yet * support fragmentation */ if (data->tls_out_limit > 100) data->tls_out_limit -= 100; } return 0; }