author | Thomas Haller <thaller@redhat.com> | 2017-02-17 15:19:42 +0100 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2017-02-20 14:06:14 +0100 |
commit | 2a11c57c4e68f05ae3d9bbb88b0a925bdfb85bde (patch) | |
tree | 3035e1aabcff4473db5f24eaaab338202075df88 /src/supplicant | |
parent | 8ce60a302af87c4e8d085ae2ee2735a2e5579174 (diff) | |
download | NetworkManager-2a11c57c4e68f05ae3d9bbb88b0a925bdfb85bde.tar.gz |
libnm/wifi: rework NMSetting8021xAuthFlags to explicitly disable TLS version
The wpa_supplicant API supports enabling/disabling each TLS version
individually, or leaving it at the default. Currently, the default
means to enable a TLS version, thus, the only meaningful option
for the moment is to explicitly disable it.
In the future, supplicant may disable options by default, and
the inverse option can become interesting to configure
"tls_disable_tlsv1_0=0". When that happens, we can solve it by
adding another flag NM_SETTING_802_1X_AUTH_FLAGS_TLS_1_0_ENABLE.
Change the previous behavior of the NMSetting8021xAuthFlags.
Previously, when not specifying TLS_DISABLE_DEFAULT, all
options were unspecified. On the other hand, when specifying
a single TLS disable flag, all versions were explicitly enabled
or disabled.
Instead, change the meaning of the disable flags. When present,
it explicitly disables an option. But it does not explicitly enable
it.
Diffstat (limited to 'src/supplicant')
-rw-r--r-- | src/supplicant/nm-supplicant-config.c | 19 |
1 files changed, 6 insertions, 13 deletions
diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c
index e67912cb5f..f9a846204b 100644
--- a/src/supplicant/nm-supplicant-config.c
+++ b/src/supplicant/nm-supplicant-config.c
@@ -984,19 +984,12 @@ nm_supplicant_config_add_setting_8021x (NMSupplicantConfig *self,
 }
 phase1_auth_flags = nm_setting_802_1x_get_phase1_auth_flags (setting);
- if (phase1_auth_flags != NM_SETTING_802_1X_AUTH_FLAGS_TLS_DISABLE_DEFAULT) {
- if (phase1->len)
- g_string_append_c (phase1, ' ');
- g_string_append_printf (phase1, "tls_disable_tlsv1_0=%d",
- (NM_FLAGS_HAS (phase1_auth_flags,
- NM_SETTING_802_1X_AUTH_FLAGS_TLS_DISABLE_1_0)) ? 1 : 0);
- g_string_append_printf (phase1, " tls_disable_tlsv1_1=%d",
- (NM_FLAGS_HAS (phase1_auth_flags,
- NM_SETTING_802_1X_AUTH_FLAGS_TLS_DISABLE_1_1)) ? 1 : 0);
- g_string_append_printf (phase1, " tls_disable_tlsv1_2=%d",
- (NM_FLAGS_HAS (phase1_auth_flags,
- NM_SETTING_802_1X_AUTH_FLAGS_TLS_DISABLE_1_2)) ? 1 : 0);
- }
+ if (NM_FLAGS_HAS (phase1_auth_flags, NM_SETTING_802_1X_AUTH_FLAGS_TLS_1_0_DISABLE))
+ g_string_append_printf (phase1, "%stls_disable_tlsv1_0=1", (phase1->len ? " " : ""));
+ if (NM_FLAGS_HAS (phase1_auth_flags, NM_SETTING_802_1X_AUTH_FLAGS_TLS_1_1_DISABLE))
+ g_string_append_printf (phase1, "%stls_disable_tlsv1_1=1", (phase1->len ? " " : ""));
+ if (NM_FLAGS_HAS (phase1_auth_flags, NM_SETTING_802_1X_AUTH_FLAGS_TLS_1_2_DISABLE))
+ g_string_append_printf (phase1, "%stls_disable_tlsv1_2=1", (phase1->len ? " " : ""));
 if (phase1->len) {
 if (!add_string_val (self, phase1->str, "phase1", FALSE, NULL, error)) { |
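Review bot: The three new `NM_FLAGS_HAS` checks write nothing to `phase1` for an unset flag, so which TLS versions stay enabled for the 802.1X handshake is now decided by wpa_supplicant's own default rather than by the profile, and no comment at this spot says so. The removed code wrote an explicit `=0` for every version once any flag was set, so a reader comparing the two could take an unset flag to mean "explicitly enabled". I would add a comment above the first check, for example `/* A set flag explicitly disables that TLS version; an unset flag emits nothing and leaves the choice to wpa_supplicant's default. */`. Any bits in `phase1_auth_flags` other than these three are ignored here without a warning; whether they are rejected when the setting is verified is not visible in this hunk, so that is worth confirming. The body of `nm_supplicant_config_add_setting_8021x` begins and ends outside the hunk.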