From: mgriego
Date: Fri, 31 Mar 2006 03:53:36 +0000 (+0000)
Subject: Add option to specify TLS cipher list
X-Git-Tag: release_2_0_0_pre1~646
X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;h=ade68ebb00079955a40d49cf20bfd29ce270baf7;p=freeradius.git
Add option to specify TLS cipher list
---
diff --git a/src/modules/rlm_eap/libeap/eap_tls.h b/src/modules/rlm_eap/libeap/eap_tls.h
index b0f4ead..03e6f82 100644
--- a/src/modules/rlm_eap/libeap/eap_tls.h
+++ b/src/modules/rlm_eap/libeap/eap_tls.h
@@ -362,6 +362,7 @@ typedef struct eap_tls_conf {
 int fragment_size;
 int check_crl;
 char *check_cert_cn;
+ char *cipher_list;
 } EAP_TLS_CONF;
diff --git a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
index 3d6216b..1c2b15c 100644
--- a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
+++ b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
@@ -63,6 +63,8 @@ static CONF_PARSER module_config[] = {
 offsetof(EAP_TLS_CONF, check_crl), NULL, "no"},
 { "check_cert_cn", PW_TYPE_STRING_PTR,
 offsetof(EAP_TLS_CONF, check_cert_cn), NULL, NULL},
+ { "cipher_list", PW_TYPE_STRING_PTR,
+ offsetof(EAP_TLS_CONF, cipher_list), NULL, NULL},
 { NULL, -1, 0, NULL, NULL } /* end the list */
 };
@@ -186,6 +188,7 @@ static SSL_CTX *init_tls_ctx(EAP_TLS_CONF *conf)
 return NULL;
 }
 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(conf->ca_file));
+ }
 if (!(SSL_CTX_use_PrivateKey_file(ctx, conf->private_key_file, type))) {
 ERR_print_errors_fp(stderr);
@@ -271,6 +274,15 @@ static SSL_CTX *init_tls_ctx(EAP_TLS_CONF *conf)
 return NULL;
 }
+ /*
+ * Set the cipher list if we were told to
+ */
+ if (conf->cipher_list) {
+ if (!SSL_CTX_set_cipher_list(ctx, conf->cipher_list)) {
+ radlog(L_ERR, "rlm_eap_tls: Error setting cipher list");
+ return NULL;
+ }
+
 return ctx;
 }
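Review bot: The new `cipher_list` entry in `module_config[]` (the @@ -63 hunk) has a NULL default and no comment, so nothing here tells an operator that leaving the option unset keeps whatever cipher selection the OpenSSL library defaults to. I would add a comment above the entry, for example `/* OpenSSL cipher string; unset keeps the library default */`, and describe the option in the sample EAP configuration, which this commit does not touch. The value is a `PW_TYPE_STRING_PTR`, so if the module's detach routine releases each string field by name (not visible in this diff), `cipher_list` presumably needs to be freed there too. The table starts above the hunk.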
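Review bot: The braces added by this commit do not pair up where they are added: the @@ -186 hunk adds a lone `}` after the `SSL_CTX_set_client_CA_list()` call, while the @@ -271 hunk opens both `if (conf->cipher_list) {` and `if (!SSL_CTX_set_cipher_list(...)) {` but adds only one `}` before `return ctx;`. As shown, `return ctx;` would sit inside the `if (conf->cipher_list)` block and the function's final `}` would close that `if`, so the function either fails to compile or falls off the end without returning a context when no cipher list is configured. Unless the `}` in the @@ -186 hunk closes a block that was genuinely left open above the hunk (which I cannot see from here), I would drop it and instead add a second `}` after the inner one in the @@ -271 hunk, so the cipher block is closed before `return ctx;`. The commit message mentions neither brace, and `init_tls_ctx` starts and ends outside both hunks.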
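Review bot: The failure branch added in the @@ -271 hunk logs a fixed string and returns NULL, so an operator cannot tell which cipher string was rejected or why, and `ctx` is not released on that path. I would log the value and the OpenSSL error queue the way the earlier key-loading branch does, e.g. `radlog(L_ERR, "rlm_eap_tls: Error setting cipher list \"%s\"", conf->cipher_list);` followed by `ERR_print_errors_fp(stderr);`, and call `SSL_CTX_free(ctx);` before `return NULL;` (the other error returns visible as context may share that leak). It is also worth a comment that `SSL_CTX_set_cipher_list()` succeeds as long as at least one cipher matches, so a partly mistyped string is accepted silently and the effective list should be checked after configuration. The function body continues outside the hunk.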