[PATCH] Provide TLS alerts to CLI/UI
Chris Hessing
chris.hessing
Wed Mar 20 08:22:44 PDT 2013
The following small patch enables sending of TLS alerts to a connected
CLI or UI. It is useful for situations where the only diagnostic
capabilities you have are via the CLI or UI such as some embedded
systems like Android.
diff --git a/src/common/wpa_ctrl.h b/src/common/wpa_ctrl.h
index 84f1195..089802e 100644
--- a/src/common/wpa_ctrl.h
+++ b/src/common/wpa_ctrl.h
@@ -44,6 +44,8 @@ extern "C" {
#define WPA_EVENT_EAP_PEER_CERT "CTRL-EVENT-EAP-PEER-CERT "
/** EAP TLS certificate chain validation error */
#define WPA_EVENT_EAP_TLS_CERT_ERROR "CTRL-EVENT-EAP-TLS-CERT-ERROR "
+ /** EAP TLS alert */
+#define WPA_EVENT_EAP_TLS_ALERT "CTRL-EVENT-EAP-TLS-ALERT "
/** EAP authentication completed successfully */
#define WPA_EVENT_EAP_SUCCESS "CTRL-EVENT-EAP-SUCCESS "
/** EAP authentication failed (EAP-Failure received) */
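Review bot: The comment added for `WPA_EVENT_EAP_TLS_ALERT` does not describe the event's payload, which control-interface consumers need in order to parse it. Going by the eap.c hunk of this patch, it could read `/** EAP TLS alert: type='local'|'remote' alert='<description>' */`. It is also worth stating there that a remote alert reflects what the peer sent and, before the TLS handshake completes, is not authenticated, so a CLI or UI should treat it as a diagnostic hint rather than a trusted statement. The added comment line also appears to carry a leading space that the neighbouring comments do not have.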
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index a4c9b25..dc145b1 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -1332,12 +1332,21 @@ static void eap_peer_sm_tls_event(void *ctx,
enum tls_event ev,
hash_hex, data->peer_cert.cert);
break;
case TLS_ALERT:
- if (data->alert.is_local)
- eap_notify_status(sm, "local TLS alert",
- data->alert.description);
- else
- eap_notify_status(sm, "remote TLS alert",
+ if (data->alert.is_local) {
+ wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_TLS_ALERT
+ "type='local' alert='%s'",
+ data->alert.description);
+
+ eap_notify_status(sm, "local TLS alert",
data->alert.description);
+ } else {
+ wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_TLS_ALERT
+ "type='remote' alert='%s'",
+ data->alert.description);
+
+ eap_notify_status(sm, "remote TLS alert",
+ data->alert.description);
+ }
break;
}
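Review bot: Both branches of `case TLS_ALERT:` now repeat the same `wpa_msg()` / `eap_notify_status()` pair and differ only in the word local/remote, so the event format string exists twice and can drift apart. Selecting the word once, e.g. `const char *type = data->alert.is_local ? "local" : "remote";` followed by a single `wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_TLS_ALERT "type='%s' alert='%s'", type, data->alert.description);`, keeps one definition of the format. `data->alert.description` is passed to `%s` and wrapped in single quotes with no NULL check or escaping. Where that string comes from is not visible in this hunk, so confirm it is always a fixed, non-NULL string supplied by the TLS layer, or add a guard before it reaches the control interface. The enclosing function starts outside the hunk.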