ATTRIBUTE OTP-Challenge 1145 string
ATTRIBUTE EAP-Session-Id 1146 octets
+ ATTRIBUTE Chbind-Response-Code 1147 integer
+
+ ATTRIBUTE Chbind-Response-Code 1147 integer
+
+ VALUE Chbind-Response-Code success 2
+ VALUE Chbind-Response-Code failure 3
+# For EAP channel binding
+
+ATTRIBUTE Chbind-Response-Code 1147 integer
+
+VALUE Chbind-Response-Code success 2
+VALUE Chbind-Response-Code failure 3
+
ATTRIBUTE Acct-Input-Octets64 1148 integer64
ATTRIBUTE Acct-Output-Octets64 1149 integer64
return 0;
}
- psk_len = strlen(conf->psk_password);
+ psk_len = strlen(conf->psk_password);
if (psk_len > (2 * max_psk_len)) return 0;
- return fr_hex2bin(psk, conf->psk_password, psk_len);
+ return fr_hex2bin(psk, max_psk_len, conf->psk_password, psk_len);
}
static unsigned int psk_client_callback(SSL *ssl, UNUSED char const *hint,
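Review bot: `strlen(conf->psk_password)` in this hunk has no visible NULL guard, while a later hunk on this page registers `psk_server_callback` for every server context, ahead of the `if (conf->psk_identity)` check. The function starts above the hunk, so this is inferred, but if these lines are that callback's static fallback, a server with no static PSK configured could reach the `strlen` with a NULL pointer during a PSK handshake. Unless an earlier line of the function already rejects that case, add `if (!conf->psk_password) return 0;` before the length computation. Separately, the `psk_len > (2 * max_psk_len)` check lets odd-length strings through, so it is worth confirming that `fr_hex2bin` rejects them instead of returning a shorter key than the one configured.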
* - Load the Private key & the certificate
* - Set the Context options & Verify options
*/
- SSL_CTX *tls_init_ctx(fr_tls_server_conf_t *conf, int client)
-static SSL_CTX *tls_init_ctx(fr_tls_server_conf_t *conf, int client)
++SSL_CTX *tls_init_ctx(fr_tls_server_conf_t *conf, int client)
{
SSL_CTX *ctx;
X509_STORE *certstore;
return NULL;
}
+ /*
+ * There are two ways PSKs can be configured for a server. The
+ * first is the same as a client: psk_identity and
+ * psk_hexphrase. The second is to dynamically configure PSKs
+ * and to have the psk_xlat return them. The second is
+ * compatible with certificates; either the PSK or cert will
+ * be used depending on what the client uses.
+ */
+ if (!client)
+ SSL_CTX_set_psk_server_callback(ctx,
+ psk_server_callback);
+
+
if (conf->psk_identity) {
size_t psk_len, hex_len;
- char buffer[PSK_MAX_PSK_LEN];
+ uint8_t buffer[PSK_MAX_PSK_LEN];
if (conf->certificate_file ||
conf->private_key_password || conf->private_key_file ||