Patchwork Provide TLS alerts to CLI/UI

Submitter Chris Hessing
Date March 20, 2013, 3:22 p.m.
Message ID <5149D444.5020300@cloudpath.net>
Permalink /patch/229414/
State Changes Requested

Comments

Chris Hessing - March 20, 2013, 3:22 p.m.
The following small patch enables sending of TLS alerts to a connected
CLI or UI. It is useful for situations where the only diagnostic
capabilities you have are via the CLI or UI such as some embedded
systems like Android.
Jouni Malinen - March 30, 2013, 5:15 p.m.
On Wed, Mar 20, 2013 at 09:22:44AM -0600, Chris Hessing wrote:
> diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
> @@ -1332,12 +1332,21 @@ static void eap_peer_sm_tls_event(void *ctx, 
> enum tls_event ev,
>                                            hash_hex, data->peer_cert.cert);
>                  break;
>          case TLS_ALERT:
> -               if (data->alert.is_local)
> -                       eap_notify_status(sm, "local TLS alert",
> - data->alert.description);
> -               else
> -                       eap_notify_status(sm, "remote TLS alert",
> +         if (data->alert.is_local) {
> +           wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_TLS_ALERT
> +                   "type='local' alert='%s'",
> +                   data->alert.description);

That eap_notify_status() is already delivering this event to the core
wpa_supplicant implementation and adding wpa_msg() there in
wpas_notify_eap_status() would be a more appropriate way of adding this
event. That path is already used for providing this information through
the D-Bus interface.

Patch

diff --git a/src/common/wpa_ctrl.h b/src/common/wpa_ctrl.h
index 84f1195..089802e 100644
--- a/src/common/wpa_ctrl.h
+++ b/src/common/wpa_ctrl.h
@@ -44,6 +44,8 @@  extern "C" {
  #define WPA_EVENT_EAP_PEER_CERT "CTRL-EVENT-EAP-PEER-CERT "
  /** EAP TLS certificate chain validation error */
  #define WPA_EVENT_EAP_TLS_CERT_ERROR "CTRL-EVENT-EAP-TLS-CERT-ERROR "
+  /** EAP TLS alert */
+#define WPA_EVENT_EAP_TLS_ALERT "CTRL-EVENT-EAP-TLS-ALERT "
  /** EAP authentication completed successfully */
  #define WPA_EVENT_EAP_SUCCESS "CTRL-EVENT-EAP-SUCCESS "
  /** EAP authentication failed (EAP-Failure received) */
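Review bot: The added comment line `/** EAP TLS alert */` is indented by two spaces after the `+` while the `#define WPA_EVENT_EAP_TLS_ALERT` line under it starts in column 0; the neighbouring entries keep the comment and its define at the same indentation, so align the two. The comment could also name the parameters the event carries (the eap.c hunk emits type='local' or type='remote' followed by alert='<description>'), since this header is where control-interface clients look up the event format.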
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index a4c9b25..dc145b1 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -1332,12 +1332,21 @@  static void eap_peer_sm_tls_event(void *ctx, 
enum tls_event ev,
                                           hash_hex, data->peer_cert.cert);
                 break;
         case TLS_ALERT:
-               if (data->alert.is_local)
-                       eap_notify_status(sm, "local TLS alert",
- data->alert.description);
-               else
-                       eap_notify_status(sm, "remote TLS alert",
+         if (data->alert.is_local) {
+           wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_TLS_ALERT
+                   "type='local' alert='%s'",
+                   data->alert.description);
+
+           eap_notify_status(sm, "local TLS alert",
data->alert.description);
+         } else {
+           wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_TLS_ALERT
+                   "type='remote' alert='%s'",
+                   data->alert.description);
+
+           eap_notify_status(sm, "remote TLS alert",
+                             data->alert.description);
+         }
                 break;
         }
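Review bot: The line `data->alert.description);` that follows `eap_notify_status(sm, "local TLS alert",` has no `+` prefix, and the `@@` header is split so that `enum tls_event ev,` sits on a line of its own; the patch appears to have been line-wrapped by the mail client and will not apply as posted, so it should be resent unwrapped. The added lines are also indented with spaces at a different depth from the surrounding `case TLS_ALERT:` and `break;` context and should follow the file's existing indentation. The two wpa_msg() calls differ only in the type string, so a single call that passes `data->alert.is_local ? "local" : "remote"` would remove the duplicated branch bodies. Separately, alert='%s' places the description between single quotes with no escaping; it is worth confirming that no description value can contain a quote, because a client parsing the event would otherwise split the field in the wrong place.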