authorEivind Næss <eivnaes@yahoo.com>2021-06-24 16:06:11 -0700
committerEivind Næss <eivnaes@yahoo.com>2021-09-27 09:17:32 -0700
commit789e867f6e51b2d3e7f6ebe723f43764d5d8b595 (patch)
tree4b58142260936a5647fe24309c678783e666bede /pppd/eap-tls.h
parent4e2c49755175d05f7f4a3c1c70a42d2eef9d7839 (diff)
Improve the PEAP contribution by Rustam Kovhaev
These changes add to his contribution by * Adding options to perform CA/CRL checking and certificate validation consistent with what has already been done for EAP-TLS * Certificate validation is now in line with what has already been done for EAP-TLS. Users can now set "remotename" and "tls-verify-method" to control these. * Validation of certificate purpose and extended key usage is controlled by the option "tls-verify-key-usage". * Fixing up MPPE key generation to use the new API for handling MPPE keys * Man page is updated where appropriate for the new options. * Added unit-tests for the PEAP code in case the crypto or parameters change in the future. * Added the peap feature to the configure scripts. Users can now control the feature by specifying --enable-peap/--disable-peap. To achieve feature parity with the EAP-TLS change, the EAP-TLS common code was refactored into tls.c/.h so that it can be re-used in both instances. Using PEAP/MSCHAPv2 is now supported in PPPD with this change. Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Diffstat (limited to 'pppd/eap-tls.h')
-rw-r--r--pppd/eap-tls.h7
1 files changed, 4 insertions, 3 deletions
diff --git a/pppd/eap-tls.h b/pppd/eap-tls.h
index d0c80b6..9c56687 100644
--- a/pppd/eap-tls.h
+++ b/pppd/eap-tls.h
@@ -46,6 +46,8 @@
#define EAP_TLS_MAX_LEN 65536 /* max eap tls packet size */
+struct tls_info;
+
struct eaptls_session
{
u_char *data; /* buffered data */
@@ -58,7 +60,6 @@ struct eaptls_session
SSL *ssl; /* ssl connection */
BIO *from_ssl;
BIO *into_ssl;
- char peer[MAXWORDLEN]; /* peer name */
char peercertfile[MAXWORDLEN];
bool alert_sent;
u_char alert_sent_desc;
@@ -67,12 +68,12 @@ struct eaptls_session
char rtx[EAP_TLS_MAX_LEN]; /* retransmission buffer */
int rtx_len;
int mtu; /* unit mtu */
- bool client;
+ struct tls_info *info;
};
SSL_CTX *eaptls_init_ssl(int init_server, char *cacertfile, char *capath,
- char *certfile, char *peer_certfile, char *privkeyfile, char *pkcs12);
+ char *certfile, char *privkeyfile, char *pkcs12);
int eaptls_init_ssl_server(eap_state * esp);
int eaptls_init_ssl_client(eap_state * esp);
void eaptls_free_session(struct eaptls_session *ets);
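Review bot: The new member `struct tls_info *info;` that replaces `bool client` carries no comment, unlike its neighbours, and in particular says nothing about who owns the pointed-to object or whether `eaptls_free_session(struct eaptls_session *ets)` releases it; since this header is the contract both eap-tls.c and the new tls.c code will rely on, the ownership rule should be stated here rather than left to the implementation. Suggested line: `struct tls_info *info; /* TLS verification settings; lifetime/ownership: <who frees it> */`, with the placeholder filled in from the implementation. The same hunk removes `peer[MAXWORDLEN]` (second hunk) and drops the `peer_certfile` argument from `eaptls_init_ssl()` while keeping `char peercertfile[MAXWORDLEN];` in the struct, so presumably the peer name and per-peer certificate file are now reached through `info`; a one-line comment on `peercertfile` saying where it is now populated would help a reader of the header. As this is a header, the remaining declarations after `eaptls_free_session` may continue outside the hunk.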