authorMartin Willi <martin@revosec.ch>2010-08-24 11:34:43 +0200
committerMartin Willi <martin@revosec.ch>2010-08-24 11:34:43 +0200
commit69e8bb2e8d61a8e7b2a889eaae9722a4e5ed51c6 (patch)
tree1e4fbeded6b1cd5b456a21c594f80a212d7f2b89 /src/libtls/tls_server.c
parenta2c12359691943ede12f7f515cbe97af1b193e7b (diff)
downloadstrongswan-69e8bb2e8d61a8e7b2a889eaae9722a4e5ed51c6.tar.bz2
strongswan-69e8bb2e8d61a8e7b2a889eaae9722a4e5ed51c6.tar.xz
Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option
Diffstat (limited to 'src/libtls/tls_server.c')
-rw-r--r--src/libtls/tls_server.c28
1 files changed, 6 insertions, 22 deletions
diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c
index 54c4633be..0914afad3 100644
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -70,7 +70,7 @@ struct private_tls_server_t {
identification_t *server;
/**
- * Peer identity
+ * Peer identity, NULL for no client authentication
*/
identification_t *peer;
@@ -90,11 +90,6 @@ struct private_tls_server_t {
char server_random[32];
/**
- * Does the server request a peer authentication?
- */
- bool request_peer_auth;
-
- /**
* Auth helper for peer authentication
*/
auth_cfg_t *peer_auth;
@@ -359,7 +354,7 @@ METHOD(tls_handshake_t, process, status_t,
{
return process_certificate(this, reader);
}
- if (this->request_peer_auth)
+ if (this->peer)
{
expected = TLS_CERTIFICATE;
break;
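Review bot: The replacement `if (this->peer)` uses a pointer as a policy flag, and nothing at the test site says that a NULL identity now means "client authentication disabled"; the same test recurs in the hunks ending at lines 57, 66 and 77. Since the `request_peer_auth` field and its comment are gone, the intent now lives only in the struct comment of the first hunk, which a reader of the state machine will not see. Either spell the test as `if (this->peer != NULL) /* client authentication requested */` at each site, or factor it into one helper whose name carries the meaning, so a later change that assigns `peer` for another reason does not silently turn on certificate requests. process() starts and ends outside this hunk.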
@@ -377,7 +372,7 @@ METHOD(tls_handshake_t, process, status_t,
{
return process_cert_verify(this, reader);
}
- if (this->request_peer_auth)
+ if (this->peer)
{
expected = TLS_CERTIFICATE_VERIFY;
break;
@@ -591,7 +586,7 @@ METHOD(tls_handshake_t, build, status_t,
case STATE_HELLO_SENT:
return send_certificate(this, type, writer);
case STATE_CERT_SENT:
- if (this->request_peer_auth)
+ if (this->peer)
{
return send_certificate_request(this, type, writer);
}
@@ -622,8 +617,8 @@ METHOD(tls_handshake_t, cipherspec_changed, bool,
METHOD(tls_handshake_t, change_cipherspec, bool,
private_tls_server_t *this)
{
- if ((this->request_peer_auth && this->state == STATE_CERT_VERIFY_RECEIVED) ||
- (!this->request_peer_auth && this->state == STATE_KEY_EXCHANGE_RECEIVED))
+ if ((this->peer && this->state == STATE_CERT_VERIFY_RECEIVED) ||
+ (!this->peer && this->state == STATE_KEY_EXCHANGE_RECEIVED))
{
this->crypto->change_cipher(this->crypto, TRUE);
this->state = STATE_CIPHERSPEC_CHANGED_IN;
@@ -677,16 +672,5 @@ tls_server_t *tls_server_create(tls_t *tls,
.server_auth = auth_cfg_create(),
);
- switch (tls->get_purpose(tls))
- {
- case TLS_PURPOSE_EAP_TLS:
- case TLS_PURPOSE_EAP_TTLS_CLIENT_AUTH:
- case TLS_PURPOSE_GENERIC_CLIENT_AUTH:
- this->request_peer_auth = TRUE;
- break;
- case TLS_PURPOSE_EAP_TTLS:
- case TLS_PURPOSE_GENERIC:
- break;
- }
return &this->public;
}
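Review bot: Removing the purpose switch drops the only place where the server's own configuration enforced client authentication; whether a certificate is requested now depends solely on the caller passing a non-NULL peer. A caller that creates a server with one of the purposes the old code treated as requiring client authentication (TLS_PURPOSE_EAP_TLS, TLS_PURPOSE_EAP_TTLS_CLIENT_AUTH, TLS_PURPOSE_GENERIC_CLIENT_AUTH) but passes peer as NULL would, as far as this hunk shows, get an unauthenticated client without any diagnostic. Keeping the switch as a consistency check — refusing construction, or at least logging, when the purpose demands client authentication but no peer identity was given — preserves the old guarantee while still letting the new option disable it for the purposes where it is optional. The constructor's signature and INIT() block begin outside the hunk, and the header declaring tls_server_create() should document the NULL-peer semantics.
```c
	/* … unchanged: INIT(this, …) … */
	if (!this->peer)
	{
		/* the old purpose-derived policy, kept as a sanity check so that a
		 * missing peer identity cannot silently disable client authentication
		 * for purposes that require it */
		switch (tls->get_purpose(tls))
		{
			case TLS_PURPOSE_EAP_TLS:
			case TLS_PURPOSE_EAP_TTLS_CLIENT_AUTH:
			case TLS_PURPOSE_GENERIC_CLIENT_AUTH:
				/* … release what INIT() allocated (server_auth etc.) … */
				return NULL;
			default:
				break;
		}
	}
	return &this->public;
```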