* [PATCH 1/2] eap-tls-common: update to new ELL TLS APIs
@ 2019-10-01 21:32 James Prestwood
  2019-10-01 21:32 ` [PATCH 2/2] unit: update test-eapol to new ELL APIs James Prestwood
  0 siblings, 1 reply; 2+ messages in thread
From: James Prestwood @ 2019-10-01 21:32 UTC (permalink / raw)
  To: iwd

[-- Attachment #1: Type: text/plain, Size: 1634 bytes --]

---
 src/eap-tls-common.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/eap-tls-common.c b/src/eap-tls-common.c
index b069fcfd..d5b72963 100644
--- a/src/eap-tls-common.c
+++ b/src/eap-tls-common.c
@@ -523,6 +523,9 @@ static int eap_tls_handle_fragmented_request(struct eap_state *eap,
 static bool eap_tls_tunnel_init(struct eap_state *eap)
 {
 	struct eap_tls_state *eap_tls = eap_get_data(eap);
+	struct l_certchain *client_cert;
+	struct l_key *client_key;
+	struct l_queue *ca_cert;
 
 	if (eap_tls->tunnel)
 		return false;
@@ -543,14 +546,20 @@ static bool eap_tls_tunnel_init(struct eap_state *eap)
 		l_tls_set_debug(eap_tls->tunnel, eap_tls_tunnel_debug, eap,
 									NULL);
 
-	if (!l_tls_set_auth_data(eap_tls->tunnel, eap_tls->client_cert,
-							eap_tls->client_key,
-							eap_tls->passphrase) ||
-			(eap_tls->ca_cert &&
-				!l_tls_set_cacert(eap_tls->tunnel,
-							eap_tls->ca_cert))) {
+	client_cert = l_pem_load_certificate_chain(eap_tls->client_cert);
+	client_key = l_pem_load_private_key(eap_tls->client_key,
+						eap_tls->passphrase, NULL);
+	ca_cert = l_pem_load_certificate_list(eap_tls->ca_cert);
+
+	if (!l_tls_set_auth_data(eap_tls->tunnel, client_cert, client_key) ||
+			(ca_cert &&
+				!l_tls_set_cacert(eap_tls->tunnel, ca_cert))) {
 		l_error("%s: Error loading TLS keys or certificates.",
 						eap_get_method_name(eap));
+		l_certchain_free(client_cert);
+		l_key_free(client_key);
+		l_queue_destroy(ca_cert,
+				(l_queue_destroy_func_t)l_certchain_free);
 		return false;
 	}
 
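Review bot: A CA file that is configured but fails to load is now silently skipped: `l_pem_load_certificate_list()` presumably returns NULL on a missing or malformed file, and the `ca_cert &&` guard then bypasses `l_tls_set_cacert()`, whereas the old guard tested the configured path `eap_tls->ca_cert` and let the setter report the failure. If the tunnel then runs without a CA, server certificate verification would be lost without any error, so load failures should be rejected first, e.g. `if ((eap_tls->ca_cert && !ca_cert) || (eap_tls->client_cert && !client_cert) || (eap_tls->client_key && !client_key))` taking the existing error path. That error path also frees objects that `l_tls_set_auth_data()` may already have accepted; whether the setters take ownership is not visible here and is worth confirming. The hunk in unit/test-eapol.c likewise passes loader results to the setters unchecked, where `assert(server_cert && server_key && ca_cert);` before the setters would catch a missing fixture. eap_tls_tunnel_init continues outside the hunk.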
-- 
2.17.1


* [PATCH 2/2] unit: update test-eapol to new ELL APIs
  2019-10-01 21:32 [PATCH 1/2] eap-tls-common: update to new ELL TLS APIs James Prestwood
@ 2019-10-01 21:32 ` James Prestwood
  0 siblings, 0 replies; 2+ messages in thread
From: James Prestwood @ 2019-10-01 21:32 UTC (permalink / raw)
  To: iwd

[-- Attachment #1: Type: text/plain, Size: 1304 bytes --]

---
 unit/test-eapol.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/unit/test-eapol.c b/unit/test-eapol.c
index c43fe278..109c93bb 100644
--- a/unit/test-eapol.c
+++ b/unit/test-eapol.c
@@ -2906,6 +2906,9 @@ static void eapol_sm_test_tls(struct eapol_8021x_tls_test_state *s,
 	struct eapol_key *step1, *step2, *step3, *step4;
 	uint8_t ptk_buf[64];
 	uint8_t *ptk;
+	struct l_certchain *server_cert;
+	struct l_key *server_key;
+	struct l_queue *ca_cert;
 
 	aa = ap_address;
 	spa = sta_address;
@@ -2955,9 +2958,13 @@ static void eapol_sm_test_tls(struct eapol_8021x_tls_test_state *s,
 	s->tx_buf_len = 0;
 	s->tx_buf_offset = 0;
 
-	assert(l_tls_set_auth_data(s->tls, CERTDIR "cert-server.pem",
-				CERTDIR "cert-server-key-pkcs8.pem", NULL));
-	assert(l_tls_set_cacert(s->tls, CERTDIR "cert-ca.pem"));
+	server_cert = l_pem_load_certificate_chain(CERTDIR "cert-server.pem");
+	server_key = l_pem_load_private_key(CERTDIR "cert-server-key-pkcs8.pem",
+						NULL, NULL);
+	ca_cert = l_pem_load_certificate_list(CERTDIR "cert-ca.pem");
+
+	assert(l_tls_set_auth_data(s->tls, server_cert, server_key));
+	assert(l_tls_set_cacert(s->tls, ca_cert));
 	assert(l_tls_start(s->tls));
 
 	ths->handshake_failed = false;
-- 
2.17.1
