author | Jan Just Keijser <jan.just.keijser@gmail.com> | 2020-10-19 17:57:36 +0200 |
---|---|---|
committer | Jan Just Keijser <jan.just.keijser@gmail.com> | 2020-10-19 18:00:54 +0200 |
commit | e87fe1bbd37a1486c5223f110e9ce3ef75971f93 (patch) | |
tree | 26f5fc71e94424b8fac38a9367518d481ce83c88 /etc.ppp | |
parent | ad3937a0a38a696eb1a37dbf8f92e8e6072cdccb (diff) | |
Add support for EAP-TLS (including experimental TLS v1.3 support).
Signed-off-by: Jan Just Keijser <jan.just.keijser@gmail.com>
Diffstat (limited to 'etc.ppp')
-rw-r--r-- | etc.ppp/eaptls-client | 10 | ||||
-rw-r--r-- | etc.ppp/eaptls-server | 11 | ||||
-rw-r--r-- | etc.ppp/openssl.cnf | 14 |
3 files changed, 35 insertions, 0 deletions
diff --git a/etc.ppp/eaptls-client b/etc.ppp/eaptls-client
new file mode 100644
index 0000000..7782f0e
--- /dev/null
+++ b/etc.ppp/eaptls-client
@@ -0,0 +1,10 @@
+# Parameters for authentication using EAP-TLS (client)
+
+# client name (can be *)
+# server name (can be *)
+# client certificate file (required)
+# server certificate file (optional, if unused put '-')
+# CA certificate file (required)
+# client private key file (required)
+
+#client server /root/cert/client.crt - /root/cert/ca.crt /root/cert/client.key
diff --git a/etc.ppp/eaptls-server b/etc.ppp/eaptls-server
new file mode 100644
index 0000000..fa53cbd
--- /dev/null
+++ b/etc.ppp/eaptls-server
@@ -0,0 +1,11 @@
+# Parameters for authentication using EAP-TLS (server)
+
+# client name (can be *)
+# server name (can be *)
+# client certificate file (optional, if unused put '-')
+# server certificate file (required)
+# CA certificate file (required)
+# server private key file (required)
+# allowed addresses (required, can be *)
+
+#client server - /root/cert/server.crt /root/cert/ca.crt /root/cert/server.key 192.168.1.0/24
diff --git a/etc.ppp/openssl.cnf b/etc.ppp/openssl.cnf
new file mode 100644
index 0000000..dd32f30
--- /dev/null
+++ b/etc.ppp/openssl.cnf
@@ -0,0 +1,14 @@
+openssl_conf = openssl_def
+
+[ openssl_def ]
+engines = engine_section
+
+[ engine_section ]
+pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib64/openssl/engines/engine_pkcs11.so
+MODULE_PATH = /usr/lib64/libeTPkcs11.so
+init = 0
+
|
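Review bot: The header comments in etc.ppp/eaptls-client allow `*` for the server name and `-` for the server certificate, but do not say what the client still verifies in that configuration. If, as seems likely, the peer is then accepted on any certificate that chains to the listed CA, that should be stated so the CA chosen is one that issues only for this service. The same applies to the `*` client name and `-` client certificate in etc.ppp/eaptls-server. I would add a line such as `# with '*' and '-' the peer is checked against the CA only (confirm); use a CA dedicated to this link`, and a second one, `# the private key file must be readable by root only`, since neither file mentions key permissions.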
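Review bot: The `allowed addresses` comment in etc.ppp/eaptls-server says the field can be `*` without saying what that permits. Assuming it follows the address column of the other pppd secrets files, `*` would let any client holding a valid certificate request any IP address. A comment like `# '*' places no restriction on the address a client may use; prefer an explicit address or subnet per client` would make the example's `192.168.1.0/24` read as the recommended form rather than an arbitrary value.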
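Review bot: Unlike the two eaptls-* samples, whose example entries are commented out, every line of etc.ppp/openssl.cnf is live, and it names absolute paths to a PKCS#11 engine and to what looks like a vendor-specific token module (`/usr/lib64/libeTPkcs11.so`). How pppd locates this file is not visible in this part of the commit, but if it is installed and read as shipped, those shared objects would be loaded into a process that normally runs as root. On systems without a `lib64` layout or that token middleware, the engine setup would presumably fail. I would open the file with a comment such as `# Sample only: enables the pkcs11 engine for smartcard/token keys; adjust both paths and keep them root-owned and not writable by others`, and consider shipping the sections commented out.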