tls: Introduce a generic TLS purpose that accepts NULL encryption ciphers

3 files changed, 6 insertions, 0 deletions

diff --git a/src/libtls/tls.c b/src/libtls/tls.c
index 7314602b6..6e2955814 100644
--- a/src/libtls/tls.c
+++ b/src/libtls/tls.c
@@ -447,6 +447,7 @@ tls_t *tls_create(bool is_server, identification_t *server,
 		case TLS_PURPOSE_EAP_TTLS:
 		case TLS_PURPOSE_EAP_PEAP:
 		case TLS_PURPOSE_GENERIC:
+		case TLS_PURPOSE_GENERIC_NULLOK:
 			break;
 		default:
 			return NULL;
diff --git a/src/libtls/tls.h b/src/libtls/tls.h
index db332fbbf..fc1d9b9fd 100644
--- a/src/libtls/tls.h
+++ b/src/libtls/tls.h
@@ -107,6 +107,8 @@ enum tls_purpose_t {
 	TLS_PURPOSE_EAP_PEAP,
 	/** non-EAP TLS */
 	TLS_PURPOSE_GENERIC,
+	/** non-EAP TLS accepting NULL encryption */
+	TLS_PURPOSE_GENERIC_NULLOK,
 	/** EAP binding for TNC */
 	TLS_PURPOSE_EAP_TNC
 };
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 6addad8fe..4f67b20d6 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -1846,6 +1846,9 @@ tls_crypto_t *tls_crypto_create(tls_t *tls, tls_cache_t *cache)
 		case TLS_PURPOSE_GENERIC:
 			build_cipher_suite_list(this, TRUE);
 			break;
+		case TLS_PURPOSE_GENERIC_NULLOK:
+			build_cipher_suite_list(this, FALSE);
+			break;
 		default:
 			break;
 	}