char *engine_id;
/**
+ * engine2 - Enable OpenSSL engine (e.g., for smartcard) (Phase 2)
+ *
+ * This is used if private key operations for EAP-TLS are performed
+ * using a smartcard.
+ *
+ * This field is like engine, but used for phase 2 (inside
+ * EAP-TTLS/PEAP/FAST tunnel) authentication.
+ */
+ int engine2;
+
+
+ /**
+ * pin2 - PIN for USIM, GSM SIM, and smartcards (Phase 2)
+ *
+ * This field is used to configure PIN for SIM and smartcards for
+ * EAP-SIM and EAP-AKA. In addition, this is used with EAP-TLS if a
+ * smartcard is used for private key operations.
+ *
+ * This field is like pin2, but used for phase 2 (inside
+ * EAP-TTLS/PEAP/FAST tunnel) authentication.
+ *
+ * If left out, this will be asked through control interface.
+ */
+ char *pin2;
+
+ /**
+ * engine2_id - Engine ID for OpenSSL engine (Phase 2)
+ *
+ * "opensc" to select OpenSC engine or "pkcs11" to select PKCS#11
+ * engine.
+ *
+ * This is used if private key operations for EAP-TLS are performed
+ * using a smartcard.
+ *
+ * This field is like engine_id, but used for phase 2 (inside
+ * EAP-TTLS/PEAP/FAST tunnel) authentication.
+ */
+ char *engine2_id;
+
+
+ /**
* key_id - Key ID for OpenSSL engine
*
* This is used if private key operations for EAP-TLS are performed
struct eap_peer_config *config = eap_get_config(sm);
if (config == NULL ||
((sm->init_phase2 ? config->private_key2 : config->private_key)
- == NULL && config->engine == 0)) {
+ == NULL &&
+ (sm->init_phase2 ? config->engine2 : config->engine) == 0)) {
wpa_printf(MSG_INFO, "EAP-TLS: Private key not configured");
return NULL;
}
params->dh_file = (char *) config->dh_file;
params->subject_match = (char *) config->subject_match;
params->altsubject_match = (char *) config->altsubject_match;
+ params->engine = config->engine;
params->engine_id = config->engine_id;
params->pin = config->pin;
params->key_id = config->key_id;
params->dh_file = (char *) config->dh_file2;
params->subject_match = (char *) config->subject_match2;
params->altsubject_match = (char *) config->altsubject_match2;
- params->engine_id = config->engine_id;
- params->pin = config->pin;
+ params->engine = config->engine2;
+ params->engine_id = config->engine2_id;
+ params->pin = config->pin2;
params->key_id = config->key2_id;
params->cert_id = config->cert2_id;
params->ca_cert_id = config->ca_cert2_id;
struct eap_peer_config *config, int phase2)
{
os_memset(params, 0, sizeof(*params));
- params->engine = config->engine;
- if (phase2)
+ if (phase2) {
+ wpa_printf(MSG_DEBUG, "TLS: using phase2 config options");
eap_tls_params_from_conf2(params, config);
- else
+ } else {
+ wpa_printf(MSG_DEBUG, "TLS: using phase1 config options");
eap_tls_params_from_conf1(params, config);
+ }
params->tls_ia = data->tls_ia;
/*
{ STRe(key_id) },
{ STRe(cert_id) },
{ STRe(ca_cert_id) },
+ { STR_KEYe(pin2) },
+ { STRe(engine2_id) },
{ STRe(key2_id) },
{ STRe(cert2_id) },
{ STRe(ca_cert2_id) },
{ INTe(engine) },
+ { INTe(engine2) },
{ INT(eapol_flags) },
#endif /* IEEE8021X_EAPOL */
{ FUNC_KEY(wep_key0) },
os_free(eap->key2_id);
os_free(eap->cert2_id);
os_free(eap->ca_cert2_id);
+ os_free(eap->pin2);
+ os_free(eap->engine2_id);
os_free(eap->otp);
os_free(eap->pending_req_otp);
os_free(eap->pac_file);
STR(cert_id);
STR(ca_cert_id);
STR(key2_id);
+ STR(pin2);
+ STR(engine2_id);
STR(cert2_id);
STR(ca_cert2_id);
INTe(engine);
+ INTe(engine2);
INT_DEF(eapol_flags, DEFAULT_EAPOL_FLAGS);
#endif /* IEEE8021X_EAPOL */
for (i = 0; i < 4; i++)
STR(cert_id);
STR(ca_cert_id);
STR(key2_id);
+ STR(pin2);
+ STR(engine2_id);
STR(cert2_id);
STR(ca_cert2_id);
INTe(engine);
+ INTe(engine2);
INT_DEF(eapol_flags, DEFAULT_EAPOL_FLAGS);
#endif /* IEEE8021X_EAPOL */
for (i = 0; i < 4; i++)