authorEivind Næss <eivnaes@yahoo.com>2021-06-24 16:06:11 -0700
committerEivind Næss <eivnaes@yahoo.com>2021-09-27 09:17:32 -0700
commit789e867f6e51b2d3e7f6ebe723f43764d5d8b595 (patch)
tree4b58142260936a5647fe24309c678783e666bede /pppd/pppd.h
parent4e2c49755175d05f7f4a3c1c70a42d2eef9d7839 (diff)
Improve the PEAP contribution by Rustam Kovhaev
These changes add to his contribution by * Adding options to perform CA/CRL checking and certificate validation consistent with what has already been done for EAP-TLS * Certificate validation is now in line with what has already been done for EAP-TLS. Users can now set "remotename" and "tls-verify-method" to control these. * Validation of certificate purpose and extended key usage is controlled by the option "tls-verify-key-usage". * Fixing up MPPE key generation to use the new API for handling MPPE keys * Man page is updated where appropriate for the new options. * Added unit-tests for the PEAP code in case the crypto or parameters change in the future. * Added the peap feature to configure scripts. Users can now control the feature by specifying --enable-peap/--disable-peap. To achieve feature parity with the EAP-TLS change, the EAP-TLS common code was refactored into tls.c/.h such that it could be re-used in both instances. Using PEAP/MSCHAPv2 is now supported in PPPD with this change. Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Diffstat (limited to 'pppd/pppd.h')
-rw-r--r--pppd/pppd.h14
1 files changed, 10 insertions, 4 deletions
diff --git a/pppd/pppd.h b/pppd/pppd.h
index ba62ca5..ab8f674 100644
--- a/pppd/pppd.h
+++ b/pppd/pppd.h
@@ -336,19 +336,25 @@ extern bool dump_options; /* print out option values */
extern bool dryrun; /* check everything, print options, exit */
extern int child_wait; /* # seconds to wait for children at end */
-#ifdef USE_EAPTLS
+#if defined(USE_EAPTLS) || defined(USE_PEAP)
#define TLS_VERIFY_NONE "none"
#define TLS_VERIFY_NAME "name"
#define TLS_VERIFY_SUBJECT "subject"
#define TLS_VERIFY_SUFFIX "suffix"
-extern char *crl_dir;
-extern char *crl_file;
-extern char *pkcs12_file;
+extern char *crl_dir;
+extern char *crl_file;
+extern char *ca_path;
+extern char *cacert_file;
+
extern char *max_tls_version;
extern bool tls_verify_key_usage;
extern char *tls_verify_method;
+#endif /* USE_EAPTLS || USE_PEAP */
+
+#ifdef USE_EAPTLS
+extern char *pkcs12_file;
#endif /* USE_EAPTLS */
#ifdef MAXOCTETS
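Review bot: The externs in the shared `USE_EAPTLS || USE_PEAP` block, including the new `ca_path` and `cacert_file`, have no trailing comments, although the neighbouring declarations (`dryrun`, `child_wait`) each say what they hold. Because these globals now decide how the peer certificate is validated for two EAP methods, I would document them in place, for example `extern char *ca_path; /* directory of trusted CA certificates */` and `extern char *cacert_file; /* file holding the trusted CA certificate(s) */`, if that is what they carry. A one-line comment above the `TLS_VERIFY_*` macros would also help, saying that they are the accepted values of `tls-verify-method` and that `TLS_VERIFY_NONE` presumably skips the peer-name check, so it is not a value to pick by accident. The default method and any handling of an unset CA source are not visible in this header, so the comment should point to wherever those are defined.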