-rw-r--r--src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c4
-rw-r--r--src/libpttls/pt_tls_client.c3
-rw-r--r--src/libpttls/pt_tls_server.c2
-rw-r--r--src/libtls/tls_socket.c15
-rw-r--r--src/libtls/tls_socket.h4
5 files changed, 21 insertions, 7 deletions
diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
index 5206ba4e7..af1b28adf 100644
--- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
+++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c
@@ -876,7 +876,8 @@ static bool soap_init(private_tnc_ifmap_soap_t *this)
}
/* open TLS socket */
- this->tls = tls_socket_create(FALSE, server_id, client_id, this->fd, NULL);
+ this->tls = tls_socket_create(FALSE, server_id, client_id, this->fd,
+ NULL, FALSE);
if (!this->tls)
{
DBG1(DBG_TNC, "creating TLS socket failed");
@@ -923,4 +924,3 @@ tnc_ifmap_soap_t *tnc_ifmap_soap_create()
return &this->public;
}
-
diff --git a/src/libpttls/pt_tls_client.c b/src/libpttls/pt_tls_client.c
index 01a84cd14..98a2f4b47 100644
--- a/src/libpttls/pt_tls_client.c
+++ b/src/libpttls/pt_tls_client.c
@@ -84,7 +84,8 @@ static bool make_connection(private_pt_tls_client_t *this)
return FALSE;
}
- this->tls = tls_socket_create(FALSE, this->server, this->client, fd, NULL);
+ this->tls = tls_socket_create(FALSE, this->server, this->client, fd,
+ NULL, FALSE);
if (!this->tls)
{
close(fd);
diff --git a/src/libpttls/pt_tls_server.c b/src/libpttls/pt_tls_server.c
index 9af00e7c2..3c07475d9 100644
--- a/src/libpttls/pt_tls_server.c
+++ b/src/libpttls/pt_tls_server.c
@@ -532,7 +532,7 @@ pt_tls_server_t *pt_tls_server_create(identification_t *server, int fd,
.destroy = _destroy,
},
.state = PT_TLS_SERVER_VERSION,
- .tls = tls_socket_create(TRUE, server, NULL, fd, NULL),
+ .tls = tls_socket_create(TRUE, server, NULL, fd, NULL, FALSE),
.tnccs = (tls_t*)tnccs,
.auth = auth,
);
diff --git a/src/libtls/tls_socket.c b/src/libtls/tls_socket.c
index 19232750b..4b18fa60e 100644
--- a/src/libtls/tls_socket.c
+++ b/src/libtls/tls_socket.c
@@ -406,9 +406,11 @@ METHOD(tls_socket_t, destroy, void,
* See header
*/
tls_socket_t *tls_socket_create(bool is_server, identification_t *server,
- identification_t *peer, int fd, tls_cache_t *cache)
+ identification_t *peer, int fd, tls_cache_t *cache,
+ bool nullok)
{
private_tls_socket_t *this;
+ tls_purpose_t purpose;
INIT(this,
.public = {
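Review bot: `bool nullok` is added as a bare trailing positional flag, so every call now ends in `NULL, FALSE)` with nothing showing that the last argument decides whether unencrypted cipher suites are acceptable. A short comment at each call, such as `/* nullok: encryption required */`, or a named constant in place of the literal would make an accidental `TRUE` easier to spot in review. The same applies to the updated calls in tnc_ifmap_soap.c, pt_tls_client.c and pt_tls_server.c. The body of tls_socket_create continues outside this hunk.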
@@ -430,7 +432,16 @@ tls_socket_t *tls_socket_create(bool is_server, identification_t *server,
.fd = fd,
);
- this->tls = tls_create(is_server, server, peer, TLS_PURPOSE_GENERIC,
+ if (nullok)
+ {
+ purpose = TLS_PURPOSE_GENERIC_NULLOK;
+ }
+ else
+ {
+ purpose = TLS_PURPOSE_GENERIC;
+ }
+
+ this->tls = tls_create(is_server, server, peer, purpose,
&this->app.application, cache);
if (!this->tls)
{
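Review bot: The five-line if/else that picks `purpose` can be a single assignment, `purpose = nullok ? TLS_PURPOSE_GENERIC_NULLOK : TLS_PURPOSE_GENERIC;`, which keeps the choice next to the tls_create() call it feeds. This is the only visible place where a socket is allowed to negotiate NULL encryption, so a debug-level log line in the nullok case would help when auditing which connections run with that setting. A one-line comment saying that NULLOK additionally permits suites without encryption would also save readers a trip to the header. The function body continues past the end of this hunk.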
diff --git a/src/libtls/tls_socket.h b/src/libtls/tls_socket.h
index 75130a4d3..54278dd01 100644
--- a/src/libtls/tls_socket.h
+++ b/src/libtls/tls_socket.h
@@ -104,9 +104,11 @@ struct tls_socket_t {
* @param peer client identity, NULL for no client authentication
* @param fd socket to read/write from
* @param cache session cache to use, or NULL
+ * @param nullok accept NULL encryption ciphers
* @return TLS socket wrapper
*/
tls_socket_t *tls_socket_create(bool is_server, identification_t *server,
- identification_t *peer, int fd, tls_cache_t *cache);
+ identification_t *peer, int fd, tls_cache_t *cache,
+ bool nullok);
#endif /** TLS_SOCKET_H_ @}*/
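Review bot: The new `@param nullok` line does not tell the caller what accepting NULL encryption costs: with such a suite the records are still authenticated but the application data travels unencrypted. I would spell that out in the doc comment, for example `@param nullok TRUE to also accept NULL encryption cipher suites (integrity only, data is sent in cleartext), FALSE to require encryption`. It is also worth stating that FALSE is the expected value unless confidentiality is provided by another layer, which matches the fact that every caller updated in this commit passes FALSE.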