EAP-TLS server: Determine whether TLS v1.3 or newer is used

This is needed to be able to handle different key derivation and message
handshakes in EAP implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2018-05-01 17:44:22 +03:00
parent c26ac18958
commit fe7b06c5e1
2 changed files with 12 additions and 0 deletions

View File

@ -305,6 +305,8 @@ static int eap_server_tls_process_fragment(struct eap_ssl_data *data,
int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
{
char buf[20];
if (data->tls_out) {
/* This should not happen.. */
wpa_printf(MSG_INFO, "SSL: pending tls_out data when "
@ -327,6 +329,11 @@ int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
return -1;
}
if (tls_get_version(sm->ssl_ctx, data->conn, buf, sizeof(buf)) == 0) {
wpa_printf(MSG_DEBUG, "SSL: Using TLS version %s", buf);
data->tls_v13 = os_strcmp(buf, "TLSv1.3") == 0;
}
return 0;
}

View File

@ -50,6 +50,11 @@ struct eap_ssl_data {
enum { MSG, FRAG_ACK, WAIT_FRAG_ACK } state;
struct wpabuf tmpbuf;
/**
* tls_v13 - Whether TLS v1.3 or newer is used
*/
int tls_v13;
};