authorAndreas Steffen <andreas.steffen@strongswan.org>2013-08-07 19:41:29 +0200
committerAndreas Steffen <andreas.steffen@strongswan.org>2013-08-15 23:34:22 +0200
commit180a2f2642fc55c9d0836449e55bf76a52391c31 (patch)
tree29c5c1479b275b6918236ae9baa702cfe00410ed /src/libpttls
parentf5b5d262e8929784d13d6ed1e76e0f00eedb2698 (diff)
rapid PT-TLS AR/PDP prototype
Diffstat (limited to 'src/libpttls')
-rw-r--r--src/libpttls/pt_tls.h5
-rw-r--r--src/libpttls/pt_tls_client.c7
-rw-r--r--src/libpttls/pt_tls_dispatcher.c4
-rw-r--r--src/libpttls/pt_tls_server.c2
4 files changed, 14 insertions, 4 deletions
diff --git a/src/libpttls/pt_tls.h b/src/libpttls/pt_tls.h
index 92a040f3f..7384cf2d5 100644
--- a/src/libpttls/pt_tls.h
+++ b/src/libpttls/pt_tls.h
@@ -37,6 +37,11 @@
*/
#define PT_TLS_HEADER_LEN 16
+/**
+ * Default PT-TLS port
+ */
+#define PT_TLS_PORT 271
+
typedef enum pt_tls_message_type_t pt_tls_message_type_t;
typedef enum pt_tls_sasl_result_t pt_tls_sasl_result_t;
typedef enum pt_tls_auth_t pt_tls_auth_t;
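Review bot: The comment on `PT_TLS_PORT` does not say where 271 comes from or that it is a privileged port (below 1024). A listener on this default needs the right to bind low ports, which matters for anyone running the PDP with reduced privileges. I would extend the comment to something like `Default PT-TLS port (IANA-assigned for pt-tls, RFC 6876); below 1024, so binding requires privileges`.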
diff --git a/src/libpttls/pt_tls_client.c b/src/libpttls/pt_tls_client.c
index d3ac936a2..76dd5ee44 100644
--- a/src/libpttls/pt_tls_client.c
+++ b/src/libpttls/pt_tls_client.c
@@ -437,19 +437,26 @@ METHOD(pt_tls_client_t, run_assessment, status_t,
{
if (!this->tls)
{
+ DBG1(DBG_TNC, "entering PT-TLS setup phase");
if (!make_connection(this))
{
return FAILED;
}
}
+
+ DBG1(DBG_TNC, "entering PT-TLS negotiation phase");
if (!negotiate_version(this))
{
return FAILED;
}
+
+ DBG1(DBG_TNC, "doing SASL client authentication");
if (!authenticate(this))
{
return FAILED;
}
+
+ DBG1(DBG_TNC, "entering PT-TLS data transport phase");
if (!assess(this, (tls_t*)tnccs))
{
return FAILED;
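Review bot: Each added `DBG1` announces a phase, but the `return FAILED;` branches stay silent, so the log shows which phase was entered and not that it failed, unless the callee logs that itself (those bodies are outside the hunk). For the authentication step an explicit failure line is worth having for auditing, e.g. `DBG1(DBG_TNC, "PT-TLS SASL client authentication failed");` before the return. The setup message is also the only one guarded by `if (!this->tls)`, so on a reused connection the other three are printed again on every call; `DBG2` may suit these progress messages better. The method body starts and ends outside the hunk.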
diff --git a/src/libpttls/pt_tls_dispatcher.c b/src/libpttls/pt_tls_dispatcher.c
index 469951616..5c306371c 100644
--- a/src/libpttls/pt_tls_dispatcher.c
+++ b/src/libpttls/pt_tls_dispatcher.c
@@ -185,7 +185,7 @@ pt_tls_dispatcher_t *pt_tls_dispatcher_create(host_t *address,
.dispatch = _dispatch,
.destroy = _destroy,
},
- .server = id,
+ .server = id->clone(id),
/* we currently don't authenticate the peer, use %any identity */
.peer = identification_create_from_encoding(ID_ANY, chunk_empty),
.fd = -1,
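Review bot: `pt_tls_dispatcher_create` now clones `id` and, in the following hunk, no longer destroys `address`, which turns both arguments from adopted into borrowed, yet the diffstat lists no change to the header that declares the constructor. Every caller must now destroy both objects itself or they leak; the callers are outside this diff. I would state the contract on the declaration, e.g. `@param address  address to listen on, not adopted` and `@param id  server identity, gets cloned`. `id->clone(id)` also dereferences `id` unconditionally, so a NULL identity crashes at this line; the constructor starts above the hunk, so an earlier check may exist.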
@@ -194,11 +194,9 @@ pt_tls_dispatcher_t *pt_tls_dispatcher_create(host_t *address,
if (!open_socket(this, address))
{
- address->destroy(address);
destroy(this);
return NULL;
}
- address->destroy(address);
return &this->public;
}
diff --git a/src/libpttls/pt_tls_server.c b/src/libpttls/pt_tls_server.c
index 3e134f0dd..2796e0dd0 100644
--- a/src/libpttls/pt_tls_server.c
+++ b/src/libpttls/pt_tls_server.c
@@ -478,7 +478,7 @@ METHOD(pt_tls_server_t, handle, status_t,
}
DBG1(DBG_TNC, "negotiated PT-TLS version %d", PT_TLS_VERSION);
this->state = PT_TLS_SERVER_AUTH;
- break;
+ /* fall through to next state */
case PT_TLS_SERVER_AUTH:
if (!authenticate(this))
{
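Review bot: Replacing `break` with a fall-through makes `handle` run `authenticate(this)` in the same invocation that finished version negotiation, and the comment says only that it falls through, not why that is safe. If `authenticate` reads from the client, it now does so without returning to the dispatcher first; its body and the failure branch are outside the hunk, so this cannot be confirmed here. I would make the reason explicit, e.g. `/* fall through: the server starts authentication itself, no client input is awaited */`, and confirm that the failure branch leaves no path from `PT_TLS_SERVER_AUTH` to the next state without a successful result.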