tls: Introduce a generic TLS purpose that accepts NULL encryption ciphers

4 files changed, 8 insertions, 2 deletions

diff --git a/scripts/tls_test.c b/scripts/tls_test.c
index 7ec477aae..3d47f6f7a 100644
--- a/scripts/tls_test.c
+++ b/scripts/tls_test.c
@@ -105,7 +105,7 @@ static int run_client(host_t *host, identification_t *server,
 			close(fd);
 			return 1;
 		}
-		tls = tls_socket_create(FALSE, server, client, fd, cache);
+		tls = tls_socket_create(FALSE, server, client, fd, cache, TRUE);
 		if (!tls)
 		{
 			close(fd);
@@ -162,7 +162,7 @@ static int serve(host_t *host, identification_t *server,
 		}
 		DBG1(DBG_TLS, "%#H connected", host);
 
-		tls = tls_socket_create(TRUE, server, NULL, cfd, cache);
+		tls = tls_socket_create(TRUE, server, NULL, cfd, cache, TRUE);
 		if (!tls)
 		{
 			close(fd);
diff --git a/src/libtls/tls.c b/src/libtls/tls.c
index 7314602b6..6e2955814 100644
--- a/src/libtls/tls.c
+++ b/src/libtls/tls.c
@@ -447,6 +447,7 @@ tls_t *tls_create(bool is_server, identification_t *server,
 		case TLS_PURPOSE_EAP_TTLS:
 		case TLS_PURPOSE_EAP_PEAP:
 		case TLS_PURPOSE_GENERIC:
+		case TLS_PURPOSE_GENERIC_NULLOK:
 			break;
 		default:
 			return NULL;
diff --git a/src/libtls/tls.h b/src/libtls/tls.h
index db332fbbf..fc1d9b9fd 100644
--- a/src/libtls/tls.h
+++ b/src/libtls/tls.h
@@ -107,6 +107,8 @@ enum tls_purpose_t {
 	TLS_PURPOSE_EAP_PEAP,
 	/** non-EAP TLS */
 	TLS_PURPOSE_GENERIC,
+	/** non-EAP TLS accepting NULL encryption */
+	TLS_PURPOSE_GENERIC_NULLOK,
 	/** EAP binding for TNC */
 	TLS_PURPOSE_EAP_TNC
 };
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 6addad8fe..4f67b20d6 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -1846,6 +1846,9 @@ tls_crypto_t *tls_crypto_create(tls_t *tls, tls_cache_t *cache)
 		case TLS_PURPOSE_GENERIC:
 			build_cipher_suite_list(this, TRUE);
 			break;
+		case TLS_PURPOSE_GENERIC_NULLOK:
+			build_cipher_suite_list(this, FALSE);
+			break;
 		default:
 			break;
 	}