author | Paul Stewart <pstew@chromium.org> | 2012-06-04 21:10:01 +0300 |
---|---|---|
committer | Jouni Malinen <j@w1.fi> | 2012-06-04 21:10:01 +0300 |
commit | dd7fec1f2969c377ac895246edd34c13986ebb08 (patch) | |
tree | 7bf8420a577776537d56f326d11e257c693b6dd5 /src/crypto | |
parent | 24b5bd8b42c05ca5c041c88abf3944a07f3f839f (diff) | |
wpa_supplicant: Report EAP connection progress to DBus
Send an "EAP" signal via the new DBus interface under various
conditions during EAP authentication:
- During method selection (ACK and NAK)
- During certificate verification
- While sending and receiving TLS alert messages
- EAP success and failure messages
This provides DBus callers a number of new tools:
- The ability to probe an AP for available EAP methods
(given an identity).
- The ability to identify why the remote certificate was
not verified.
- The ability to identify why the remote peer refused
a TLS connection.
Signed-hostap: Paul Stewart <pstew@chromium.org>
Diffstat (limited to 'src/crypto')
-rw-r--r-- | src/crypto/tls.h | 10 | ||||
-rw-r--r-- | src/crypto/tls_openssl.c | 13 |
2 files changed, 22 insertions, 1 deletions
diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index 2bd3bbb..990f6e6 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -21,8 +21,10 @@ struct tls_keys {
 };

 enum tls_event {
+ TLS_CERT_CHAIN_SUCCESS,
 TLS_CERT_CHAIN_FAILURE,
- TLS_PEER_CERTIFICATE
+ TLS_PEER_CERTIFICATE,
+ TLS_ALERT
 };

 /*
@@ -57,6 +59,12 @@ union tls_event_data {
 const u8 *hash;
 size_t hash_len;
 } peer_cert;
+
+ struct {
+ int is_local;
+ const char *type;
+ const char *description;
+ } alert;
 };

 struct tls_config {
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 772f0b2..3bbd457 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -525,6 +525,15 @@ static void ssl_info_cb(const SSL *ssl, int where, int ret)
 else
 conn->write_alerts++;
 }
+ if (tls_global->event_cb != NULL) {
+ union tls_event_data ev;
+ os_memset(&ev, 0, sizeof(ev));
+ ev.alert.is_local = !(where & SSL_CB_READ);
+ ev.alert.type = SSL_alert_type_string_long(ret);
+ ev.alert.description = SSL_alert_desc_string_long(ret);
+ tls_global->event_cb(tls_global->cb_ctx, TLS_ALERT,
+ &ev);
+ }
 } else if (where & SSL_CB_EXIT && ret <= 0) {
 wpa_printf(MSG_DEBUG, "SSL: %s:%s in %s",
 str, ret == 0 ? "failed" : "error",
@@ -1265,6 +1274,10 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
 TLS_FAIL_SERVER_CHAIN_PROBE);
 }

+ if (preverify_ok && tls_global->event_cb != NULL)
+ tls_global->event_cb(tls_global->cb_ctx,
+ TLS_CERT_CHAIN_SUCCESS, NULL);
+
 return preverify_ok;
 }

|
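Review bot: Placing `TLS_CERT_CHAIN_SUCCESS` ahead of `TLS_CERT_CHAIN_FAILURE` in `enum tls_event` renumbers the existing enumerators, so the value 0 changes meaning from chain failure to chain success. An `event_cb` handler that was written when only two events existed and treats anything other than `TLS_PEER_CERTIFICATE` as a failure, or any object built against the old header, would now misread a certificate result. Appending the new values after `TLS_PEER_CERTIFICATE` keeps the old numbering. The handlers are not part of this diff, so each `event_cb` implementation should be checked for an explicit case per event.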
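Review bot: The new `alert` member of `union tls_event_data` has no comment saying where `type` and `description` come from or how far they can be trusted, and the same applies where `ssl_info_cb` in tls_openssl.c fills them in. When `is_local` is 0 the alert was chosen by the peer and may arrive before the server has been authenticated, so a consumer should treat it as diagnostic text only. I would add above the struct something like `/* alert: is_local = 1 if sent by us, 0 if received from the (possibly unauthenticated) peer; type/description are strings owned by the TLS library, do not free or keep past the callback */`. The string lifetime is my reading of the OpenSSL accessors used in `ssl_info_cb` and should be confirmed for other TLS backends. The union's opening lines are outside this hunk.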
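Review bot: The added `TLS_CERT_CHAIN_SUCCESS` call in `tls_verify_cb` fires for every certificate whose `preverify_ok` is non-zero, because OpenSSL invokes the verify callback once per certificate in the chain rather than once per chain. A listener can therefore receive a success event for an intermediate certificate and then a `TLS_CERT_CHAIN_FAILURE` for the server certificate, and a consumer that acts on the first success would treat an unverified server as verified. Limiting the event to the leaf would match its name, for example `if (preverify_ok && X509_STORE_CTX_get_error_depth(x509_ctx) == 0 && tls_global->event_cb != NULL)`. The body of the function above this hunk is not visible; if it can set `preverify_ok` to 1 without a CA check having passed, that case should be excluded or documented in a comment at this call.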