Provide TLS alerts to CLI/UI

Submitted by Chris Hessing on March 20, 2013, 3:22 p.m.

Details

Message ID 5149D444.5020300@cloudpath.net
State Changes Requested
Headers show

Commit Message

Chris Hessing March 20, 2013, 3:22 p.m.
The following small patch enables sending of TLS alerts to a connected 
CLI or UI.   It is useful for situations where the only diagnostic 
capabilities you have are via the CLI or UI such as some embedded 
systems like Android.

Comments

Jouni Malinen March 30, 2013, 5:15 p.m.
On Wed, Mar 20, 2013 at 09:22:44AM -0600, Chris Hessing wrote:
> diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
> @@ -1332,12 +1332,21 @@ static void eap_peer_sm_tls_event(void *ctx, 
> enum tls_event ev,
>                                            hash_hex, data->peer_cert.cert);
>                  break;
>          case TLS_ALERT:
> -               if (data->alert.is_local)
> -                       eap_notify_status(sm, "local TLS alert",
> - data->alert.description);
> -               else
> -                       eap_notify_status(sm, "remote TLS alert",
> +         if (data->alert.is_local) {
> +           wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_TLS_ALERT
> +                   "type='local' alert='%s'",
> +                   data->alert.description);

That eap_notify_status() is already delivering this event to the core
wpa_supplicant implementation and adding wpa_msg() there in
wpas_notify_eap_status() would be more appropriate way of adding this
event. That path is already used for providing this information through
the D-Bus interface.

Patch hide | download patch | download mbox

diff --git a/src/common/wpa_ctrl.h b/src/common/wpa_ctrl.h
index 84f1195..089802e 100644
--- a/src/common/wpa_ctrl.h
+++ b/src/common/wpa_ctrl.h
@@ -44,6 +44,8 @@  extern "C" {
  #define WPA_EVENT_EAP_PEER_CERT "CTRL-EVENT-EAP-PEER-CERT "
  /** EAP TLS certificate chain validation error */
  #define WPA_EVENT_EAP_TLS_CERT_ERROR "CTRL-EVENT-EAP-TLS-CERT-ERROR "
+  /** EAP TLS alert */
+#define WPA_EVENT_EAP_TLS_ALERT "CTRL-EVENT-EAP-TLS-ALERT "
  /** EAP authentication completed successfully */
  #define WPA_EVENT_EAP_SUCCESS "CTRL-EVENT-EAP-SUCCESS "
  /** EAP authentication failed (EAP-Failure received) */
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index a4c9b25..dc145b1 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -1332,12 +1332,21 @@  static void eap_peer_sm_tls_event(void *ctx, 
enum tls_event ev,
                                           hash_hex, data->peer_cert.cert);
                 break;
         case TLS_ALERT:
-               if (data->alert.is_local)
-                       eap_notify_status(sm, "local TLS alert",
- data->alert.description);
-               else
-                       eap_notify_status(sm, "remote TLS alert",
+         if (data->alert.is_local) {
+           wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_TLS_ALERT
+                   "type='local' alert='%s'",
+                   data->alert.description);
+
+           eap_notify_status(sm, "local TLS alert",
data->alert.description);
+         } else {
+           wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_TLS_ALERT
+                   "type='remote' alert='%s'",
+                   data->alert.description);
+
+           eap_notify_status(sm, "remote TLS alert",
+                             data->alert.description);
+         }
                 break;
         }