tls: Introduce a generic TLS purpose that accepts NULL encryption ciphers

scripts/tls_test.c

@@ -105,7 +105,7 @@ static int run_client(host_t *host, identification_t *server,
 			close(fd);
 			return 1;
 		}
-		tls = tls_socket_create(FALSE, server, client, fd, cache);
+		tls = tls_socket_create(FALSE, server, client, fd, cache, TRUE);
 		if (!tls)
 		{
 			close(fd);
@@ -162,7 +162,7 @@ static int serve(host_t *host, identification_t *server,
 		}
 		DBG1(DBG_TLS, "%#H connected", host);
 
-		tls = tls_socket_create(TRUE, server, NULL, cfd, cache);
+		tls = tls_socket_create(TRUE, server, NULL, cfd, cache, TRUE);
 		if (!tls)
 		{
 			close(fd);

src/libtls/tls.c

@@ -447,6 +447,7 @@ tls_t *tls_create(bool is_server, identification_t *server,
 		case TLS_PURPOSE_EAP_TTLS:
 		case TLS_PURPOSE_EAP_PEAP:
 		case TLS_PURPOSE_GENERIC:
+		case TLS_PURPOSE_GENERIC_NULLOK:
 			break;
 		default:
 			return NULL;

src/libtls/tls.h

@@ -107,6 +107,8 @@ enum tls_purpose_t {
 	TLS_PURPOSE_EAP_PEAP,
 	/** non-EAP TLS */
 	TLS_PURPOSE_GENERIC,
+	/** non-EAP TLS accepting NULL encryption */
+	TLS_PURPOSE_GENERIC_NULLOK,
 	/** EAP binding for TNC */
 	TLS_PURPOSE_EAP_TNC
 };

src/libtls/tls_crypto.c

@@ -1846,6 +1846,9 @@ tls_crypto_t *tls_crypto_create(tls_t *tls, tls_cache_t *cache)
 		case TLS_PURPOSE_GENERIC:
 			build_cipher_suite_list(this, TRUE);
 			break;
+		case TLS_PURPOSE_GENERIC_NULLOK:
+			build_cipher_suite_list(this, FALSE);
+			break;
 		default:
 			break;
 	}