Support EAP-TLS in Moonshot (requires OpenSSL)

[moonshot.git] / moonshot / mech_eap / set_cred_option.c

diff --git a/moonshot/mech_eap/set_cred_option.c b/moonshot/mech_eap/set_cred_option.c
index 7bb9b7b..98bb482 100644 (file)
--- a/moonshot/mech_eap/set_cred_option.c
+++ b/moonshot/mech_eap/set_cred_option.c
@@ -121,6 +121,15 @@ setCredPassword(OM_uint32 *minor,
     return gssEapSetCredPassword(minor, cred, buffer);
 }
 
+static OM_uint32
+setCredPrivateKey(OM_uint32 *minor,
+                  gss_cred_id_t cred,
+                  const gss_OID oid GSSEAP_UNUSED,
+                  const gss_buffer_t buffer)
+{
+    return gssEapSetCredClientCertificate(minor, cred, GSS_C_NO_BUFFER, buffer);
+}
+
 static struct {
     gss_OID_desc oid;
     OM_uint32 (*setOption)(OM_uint32 *, gss_cred_id_t cred,
@@ -146,12 +155,18 @@ static struct {
         { 11, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x03\x03\x04" },
         setCredPassword,
     },
+    /* 1.3.6.1.4.1.5322.22.3.3.5 */
+    {
+        { 11, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x03\x03\x05" },
+        setCredPrivateKey,
+    },
 };
 
 gss_OID GSS_EAP_CRED_SET_RADIUS_CONFIG_FILE     = &setCredOps[0].oid;
 gss_OID GSS_EAP_CRED_SET_RADIUS_CONFIG_STANZA   = &setCredOps[1].oid;
 gss_OID GSS_EAP_CRED_SET_CRED_FLAG              = &setCredOps[2].oid;
 gss_OID GSS_EAP_CRED_SET_CRED_PASSWORD          = &setCredOps[3].oid;
+gss_OID GSS_EAP_CRED_SET_CRED_PRIVATE_KEY       = &setCredOps[4].oid;
 
 OM_uint32 GSSAPI_CALLCONV
 gssspi_set_cred_option(OM_uint32 *minor,