From 180a2f2642fc55c9d0836449e55bf76a52391c31 Mon Sep 17 00:00:00 2001
From: Andreas Steffen
Date: Wed, 7 Aug 2013 19:41:29 +0200
Subject: rapid PT-TLS AR/PDP prototype

---
 src/libpttls/pt_tls.h            | 5 +++++
 src/libpttls/pt_tls_client.c     | 7 +++++++
 src/libpttls/pt_tls_dispatcher.c | 4 +---
 src/libpttls/pt_tls_server.c     | 2 +-
 4 files changed, 14 insertions(+), 4 deletions(-)

(limited to 'src/libpttls')

diff --git a/src/libpttls/pt_tls.h b/src/libpttls/pt_tls.h
index 92a040f3f..7384cf2d5 100644
--- a/src/libpttls/pt_tls.h
+++ b/src/libpttls/pt_tls.h
@@ -37,6 +37,11 @@
  */
 #define PT_TLS_HEADER_LEN 16
 
+/**
+ * Default PT-TLS port
+ */
+#define PT_TLS_PORT 271
+
 typedef enum pt_tls_message_type_t pt_tls_message_type_t;
 typedef enum pt_tls_sasl_result_t pt_tls_sasl_result_t;
 typedef enum pt_tls_auth_t pt_tls_auth_t;
diff --git a/src/libpttls/pt_tls_client.c b/src/libpttls/pt_tls_client.c
index d3ac936a2..76dd5ee44 100644
--- a/src/libpttls/pt_tls_client.c
+++ b/src/libpttls/pt_tls_client.c
@@ -437,19 +437,26 @@ METHOD(pt_tls_client_t, run_assessment, status_t,
 {
 	if (!this->tls)
 	{
+		DBG1(DBG_TNC, "entering PT-TLS setup phase");
 		if (!make_connection(this))
 		{
 			return FAILED;
 		}
 	}
+
+	DBG1(DBG_TNC, "entering PT-TLS negotiation phase");
 	if (!negotiate_version(this))
 	{
 		return FAILED;
 	}
+
+	DBG1(DBG_TNC, "doing SASL client authentication");
 	if (!authenticate(this))
 	{
 		return FAILED;
 	}
+
+	DBG1(DBG_TNC, "entering PT-TLS data transport phase");
 	if (!assess(this, (tls_t*)tnccs))
 	{
 		return FAILED;
diff --git a/src/libpttls/pt_tls_dispatcher.c b/src/libpttls/pt_tls_dispatcher.c
index 469951616..5c306371c 100644
--- a/src/libpttls/pt_tls_dispatcher.c
+++ b/src/libpttls/pt_tls_dispatcher.c
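Review bot: The new `PT_TLS_PORT` definition is documented only as "Default PT-TLS port", which leaves a reader unsure whether 271 is a project choice or the standard value; 271 is the TCP port registered with IANA for PT-TLS (RFC 6876), and the comment should say so where the constant lives: `/** Default PT-TLS port: TCP 271, the IANA-registered PT-TLS port (RFC 6876) */`. That makes it clear the value should not be changed to something local without also changing what peers expect.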
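Review bot: The four DBG1 lines added to run_assessment use inconsistent phrasing — three say "entering PT-TLS … phase" while the SASL one says "doing SASL client authentication" — so an operator filtering the log for phase transitions will miss that step; name it like the others, e.g. `DBG1(DBG_TNC, "entering PT-TLS SASL authentication phase");`. None of the `return FAILED;` branches in the hunk logs which phase failed, so unless make_connection(), negotiate_version() and authenticate() log their own failure (not visible here), the log will end on an "entering" line with no indication of what went wrong; a one-line DBG1 before each early return would make the failure attributable. run_assessment's body continues past the end of the hunk.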
@@ -185,7 +185,7 @@ pt_tls_dispatcher_t *pt_tls_dispatcher_create(host_t *address,
 			.dispatch = _dispatch,
 			.destroy = _destroy,
 		},
-		.server = id,
+		.server = id->clone(id),
 		/* we currently don't authenticate the peer, use %any identity */
 		.peer = identification_create_from_encoding(ID_ANY, chunk_empty),
 		.fd = -1,
@@ -194,11 +194,9 @@ pt_tls_dispatcher_t *pt_tls_dispatcher_create(host_t *address,
 
 	if (!open_socket(this, address))
 	{
-		address->destroy(address);
 		destroy(this);
 		return NULL;
 	}
-	address->destroy(address);
 
 	return &this->public;
 }
diff --git a/src/libpttls/pt_tls_server.c b/src/libpttls/pt_tls_server.c
index 3e134f0dd..2796e0dd0 100644
--- a/src/libpttls/pt_tls_server.c
+++ b/src/libpttls/pt_tls_server.c
@@ -478,7 +478,7 @@ METHOD(pt_tls_server_t, handle, status_t,
 			}
 			DBG1(DBG_TNC, "negotiated PT-TLS version %d", PT_TLS_VERSION);
 			this->state = PT_TLS_SERVER_AUTH;
-			break;
+			/* fall through to next state */
 		case PT_TLS_SERVER_AUTH:
 			if (!authenticate(this))
 			{
-- 
cgit v1.2.3
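Review bot: Both pt_tls_dispatcher.c hunks change who owns a constructor argument without updating the contract: `.server = id->clone(id)` means the dispatcher no longer takes over `id`, and dropping the two `address->destroy(address)` calls in the second hunk means it no longer takes over `address` either. The matching release of the cloned `server` has to happen in `destroy()`, which is outside the hunk, so confirm it calls `this->server->destroy(this->server)` or the clone leaks on every dispatcher; likewise, if open_socket() keeps a reference to `address` rather than copying what it needs (not visible here), callers that now free `address` right after the call would leave a dangling pointer. Record the new ownership on pt_tls_dispatcher_create() in pt_tls_dispatcher.h: `@param address  address to listen on, ownership stays with the caller` and `@param id  server identity, cloned; ownership stays with the caller`. pt_tls_dispatcher_create() starts before the first hunk and its body spans both.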
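Review bot: In the pt_tls_server.c hunk, the replaced `break;` makes the version-negotiation case fall into `PT_TLS_SERVER_AUTH`, and the comment `/* fall through to next state */` is the only marker; GCC's `-Wimplicit-fallthrough` at its default level recognizes only a narrow set of comment forms, and this wording with trailing text may not be among them, so a warning-clean build could start flagging this spot. Keep the intent but use a form tools match, `/* fall through */` on its own line immediately before `case PT_TLS_SERVER_AUTH:`, or the fallthrough attribute if the codebase already uses one. Keeping `this->state = PT_TLS_SERVER_AUTH;` before the fall-through is right, since a later re-entry into handle() presumably dispatches on that state; the enclosing switch and handle() extend beyond this hunk.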