tls: Introduce a generic TLS purpose that accepts NULL encryption ciphers

2025-10-05 00:00:45 -04:00 · 2014-03-25 09:49:04 +01:00 · 2014-03-25 09:49:04 +01:00 · ddf5222096
commit ddf5222096
parent ac5717c9e9
4 changed files with 8 additions and 2 deletions
--- a/scripts/tls_test.c
+++ b/scripts/tls_test.c
@ -105,7 +105,7 @@ static int run_client(host_t *host, identification_t *server,
 			close(fd);
 			return 1;
 		}
-		tls = tls_socket_create(FALSE, server, client, fd, cache);
+		tls = tls_socket_create(FALSE, server, client, fd, cache, TRUE);
 		if (!tls)
 		{
 			close(fd);
@ -162,7 +162,7 @@ static int serve(host_t *host, identification_t *server,
 		}
 		DBG1(DBG_TLS, "%#H connected", host);
-		tls = tls_socket_create(TRUE, server, NULL, cfd, cache);
+		tls = tls_socket_create(TRUE, server, NULL, cfd, cache, TRUE);
 		if (!tls)
 		{
 			close(fd);
--- a/src/libtls/tls.c
+++ b/src/libtls/tls.c
@ -447,6 +447,7 @@ tls_t *tls_create(bool is_server, identification_t *server,
 		case TLS_PURPOSE_EAP_TTLS:
 		case TLS_PURPOSE_EAP_PEAP:
 		case TLS_PURPOSE_GENERIC:
 		case TLS_PURPOSE_GENERIC_NULLOK:
 			break;
 		default:
 			return NULL;
--- a/src/libtls/tls.h
+++ b/src/libtls/tls.h
@ -107,6 +107,8 @@ enum tls_purpose_t {
 	TLS_PURPOSE_EAP_PEAP,
 	/** non-EAP TLS */
 	TLS_PURPOSE_GENERIC,
 	/** non-EAP TLS accepting NULL encryption */
 	TLS_PURPOSE_GENERIC_NULLOK,
 	/** EAP binding for TNC */
 	TLS_PURPOSE_EAP_TNC
 };
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@ -1846,6 +1846,9 @@ tls_crypto_t *tls_crypto_create(tls_t *tls, tls_cache_t *cache)
 		case TLS_PURPOSE_GENERIC:
 			build_cipher_suite_list(this, TRUE);
 			break;
 		case TLS_PURPOSE_GENERIC_NULLOK:
 			build_cipher_suite_list(this, FALSE);
 			break;
 		default:
 			break;
 	}