path: root/src/crypto/tls_gnutls.c
Commit message | Author | Age | Files | Lines
* Remove the GPL notification from files contributed by Jouni Malinen | Jouni Malinen | 2012-02-11 | 1 | -8/+2
  Remove the GPL notification text from the files that were initially contributed by myself.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Remove EAP-TTLSv1 and TLS/IA | Jouni Malinen | 2011-09-25 | 1 | -282/+2
  These protocols seem to be abandoned: latest IETF drafts have expired years ago and it does not seem likely that EAP-TTLSv1 would be deployed. The implementation in hostapd/wpa_supplicant was not complete and not fully tested. In addition, the TLS/IA functionality was only available when GnuTLS was used. Since GnuTLS removed this functionality in 3.0.0, there is no available TLS/IA implementation in the latest version of any supported TLS library.
  Remove the EAP-TTLSv1 and TLS/IA implementation to clean up unwanted complexity from hostapd and wpa_supplicant. In addition, this removes any potential use of the GnuTLS extra library.
* GnuTLS: Fix build with various GnuTLS versions | Jouni Malinen | 2011-09-25 | 1 | -15/+36
  This fixes some build issues in GnuTLS wrapper to be compatible with at least following GnuTLS versions: 2.2.5, 2.4.3, 2.6.6, 2.8.6, 2.10.5, 2.12.11, 3.0.3.
* GnuTLS: Implement tls_connection_enable_workaround() | Jouni Malinen | 2009-12-20 | 1 | -1/+1
* GnuTLS: Add support for piggybacked Application Data | Jouni Malinen | 2009-12-20 | 1 | -0/+30
* GnuTLS: Define empty tls_connection_set_session_ticket_cb() | Jouni Malinen | 2009-12-20 | 1 | -0/+8
  This allows EAP-FAST build to be completed even if it does not actually work yet with GnuTLS.
* Use wpabuf with tls_connection_ia_send_phase_finished() | Jouni Malinen | 2009-12-20 | 1 | -15/+9
* Allow TLS flags to be configured (allow MD5, disable time checks) | Jouni Malinen | 2009-12-20 | 1 | -0/+23
  Undocumented (at least for the time being) TLS parameters can now be provided in wpa_supplicant configuration to enable some workarounds for being able to connect insecurely to some networks. phase1 and phase2 network parameters can use following options:
  tls_allow_md5=1 - allow MD5 signature to be used (disabled by default with GnuTLS)
  tls_disable_time_checks=1 - ignore certificate expiration time
  For now, only the GnuTLS TLS wrapper implements support for these.
* GnuTLS: Report certificate validation failures with TLS alert | Jouni Malinen | 2009-12-20 | 1 | -3/+29
  In addition, show more detailed reason for the failure in debug log.
* GnuTLS: Use struct wpabuf for push/pull buffers | Jouni Malinen | 2009-12-20 | 1 | -49/+30
* Convert TLS wrapper to use struct wpabuf | Jouni Malinen | 2009-12-20 | 1 | -59/+75
  This converts tls_connection_handshake(), tls_connection_server_handshake(), tls_connection_encrypt(), and tls_connection_decrypt() to use struct wpa_buf to allow higher layer code to be cleaned up with consistent struct wpabuf use.
* GnuTLS: Fix compilation with newer GnuTLS versions | Jouni Malinen | 2009-11-21 | 1 | -0/+4
  Avoid duplicate definition of TLS_RANDOM_SIZE and TLS_MASTER_SIZE.
* Fix builds that need SHA256 or mod_exp, but not TLS functions | Jouni Malinen | 2009-02-27 | 1 | -0/+2
* Use larger buffer for TLS encryption to avoid issues with GnuTLS | Jouni Malinen | 2009-02-09 | 1 | -0/+8
  It looks like GnuTLS (at least newer versions) is using random padding on the application data and the previously used 100 byte extra buffer for tls_connection_encrypt() calls was not enough to handle all cases. This resulted in semi-random authentication failures with EAP-PEAP and EAP-TTLS during Phase 2.
  Increase the extra space for encryption from 100 to 300 bytes and add an error message into tls_gnutls.c to make it easier to notice this issue should it ever show up again even with the larger buffer.
* Cleaned up printf format warnings on 64-bit build | Jouni Malinen | 2009-02-05 | 1 | -8/+11
* Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release | Jouni Malinen | 2008-02-27 | 1 | -0/+1362