author | Martin Willi <martin@revosec.ch> | 2013-02-27 14:11:00 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2013-02-28 16:46:07 +0100 |
commit | 806126eab2b0a0b0170a6eef70a30856f4fc947f (patch) | |
tree | 9db8602d73a43e762d855c9c49df3e326c9dc789 /src | |
parent | 55854ecc25c0984a39ed6ff247c7ba772d0fbe11 (diff) | |
download | strongswan-806126eab2b0a0b0170a6eef70a30856f4fc947f.tar.bz2 strongswan-806126eab2b0a0b0170a6eef70a30856f4fc947f.tar.xz |
Pass a client identity to pt_tls_client, usable for TLS or SASL authentication
Diffstat (limited to 'src')
-rw-r--r-- | src/libpttls/pt_tls_client.c | 18 | ||||
-rw-r--r-- | src/libpttls/pt_tls_client.h | 10 |
2 files changed, 21 insertions, 7 deletions
diff --git a/src/libpttls/pt_tls_client.c b/src/libpttls/pt_tls_client.c
index 7f91ae691..2f695ee99 100644
--- a/src/libpttls/pt_tls_client.c
+++ b/src/libpttls/pt_tls_client.c
@@ -48,7 +48,12 @@ struct private_pt_tls_client_t {
 	/**
 	 * Server identity
 	 */
-	identification_t *id;
+	identification_t *server;
+
+	/**
+	 * Client authentication identity
+	 */
+	identification_t *client;
 
 	/**
 	 * Current PT-TLS message identifier
@@ -77,7 +82,7 @@ static bool make_connection(private_pt_tls_client_t *this)
 		return FALSE;
 	}
 
-	this->tls = tls_socket_create(FALSE, this->id, NULL, fd, NULL);
+	this->tls = tls_socket_create(FALSE, this->server, this->client, fd, NULL);
 	if (!this->tls)
 	{
 		close(fd);
@@ -283,14 +288,16 @@ METHOD(pt_tls_client_t, destroy, void,
 		close(fd);
 	}
 	this->address->destroy(this->address);
-	this->id->destroy(this->id);
+	this->server->destroy(this->server);
+	this->client->destroy(this->client);
 	free(this);
 }
 
 /**
  * See header
  */
-pt_tls_client_t *pt_tls_client_create(host_t *address, identification_t *id)
+pt_tls_client_t *pt_tls_client_create(host_t *address, identification_t *server,
+									  identification_t *client)
 {
 	private_pt_tls_client_t *this;
 
@@ -300,7 +307,8 @@ pt_tls_client_t *pt_tls_client_create(host_t *address, identification_t *id)
 			.destroy = _destroy,
 		},
 		.address = address,
-		.id = id,
+		.server = server,
+		.client = client,
 	);
 
 	return &this->public;
diff --git a/src/libpttls/pt_tls_client.h b/src/libpttls/pt_tls_client.h
index 2e0553641..1d418d181 100644
--- a/src/libpttls/pt_tls_client.h
+++ b/src/libpttls/pt_tls_client.h
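Review bot: In the destroy hunk, `this->client->destroy(this->client);` dereferences the new client identity unconditionally, while the make_connection hunk passes it straight into the slot that was previously hard-coded to NULL, so a caller that keeps passing no client identity would crash on teardown rather than at creation. If NULL is meant to be a valid "no client identity" value, use the library's null-tolerant form, `DESTROY_IF(this->client);`, and state that in the constructor's @param text; if NULL is not valid, make pt_tls_client_create reject it up front rather than letting tls_socket_create decide. The destroy() and make_connection() bodies both begin outside their hunks, so I cannot see whether an earlier check already covers this.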
@@ -50,10 +50,16 @@ struct pt_tls_client_t {
 /**
  * Create a pt_tls_client instance.
  *
+ * The client identity is used for:
+ * - TLS authentication if an appropirate certificate is found
+ * - SASL authentication if requested from the server
+ *
  * @param address		address/port to run assessments against, gets owned
- * @param id			server identity to use for authentication, gets owned
+ * @param server		server identity to use for authentication, gets owned
+ * @param client		client identity to use for authentication, gets owned
  * @return				PT-TLS context
  */
-pt_tls_client_t *pt_tls_client_create(host_t *address, identification_t *id);
+pt_tls_client_t *pt_tls_client_create(host_t *address, identification_t *server,
+									  identification_t *client);
 
 #endif /** PT_TLS_CLIENT_H_ @}*/
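Review bot: The new @param client line says only "gets owned" and does not say whether a NULL client identity is accepted, which is the one thing a caller needs to know now that the identity reaches both the TLS handshake and the destructor; I would extend it to `client client identity to use for authentication, gets owned; NULL if no client identity is available` or, if NULL is rejected, say so explicitly. The added doc bullet also has a typo: `TLS authentication if an appropirate certificate is found` should read `appropriate`. Since this identity selects the certificate presented during TLS client authentication, it is worth a sentence noting that passing the wrong identity silently downgrades to whatever the server falls back to (SASL, per the second bullet) rather than failing.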