[PATCH] Provide TLS alerts to CLI/UI

Chris Hessing chris.hessing at cloudpath.net
Wed Mar 20 11:22:44 EDT 2013


The following small patch enables sending of TLS alerts to a connected 
CLI or UI.   It is useful for situations where the only diagnostic 
capabilities you have are via the CLI or UI such as some embedded 
systems like Android.

diff --git a/src/common/wpa_ctrl.h b/src/common/wpa_ctrl.h
index 84f1195..089802e 100644
--- a/src/common/wpa_ctrl.h
+++ b/src/common/wpa_ctrl.h
@@ -44,6 +44,8 @@ extern "C" {
  #define WPA_EVENT_EAP_PEER_CERT "CTRL-EVENT-EAP-PEER-CERT "
  /** EAP TLS certificate chain validation error */
  #define WPA_EVENT_EAP_TLS_CERT_ERROR "CTRL-EVENT-EAP-TLS-CERT-ERROR "
+  /** EAP TLS alert */
+#define WPA_EVENT_EAP_TLS_ALERT "CTRL-EVENT-EAP-TLS-ALERT "
  /** EAP authentication completed successfully */
  #define WPA_EVENT_EAP_SUCCESS "CTRL-EVENT-EAP-SUCCESS "
  /** EAP authentication failed (EAP-Failure received) */
diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index a4c9b25..dc145b1 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -1332,12 +1332,21 @@ static void eap_peer_sm_tls_event(void *ctx, 
enum tls_event ev,
                                           hash_hex, data->peer_cert.cert);
                 break;
         case TLS_ALERT:
-               if (data->alert.is_local)
-                       eap_notify_status(sm, "local TLS alert",
- data->alert.description);
-               else
-                       eap_notify_status(sm, "remote TLS alert",
+         if (data->alert.is_local) {
+           wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_TLS_ALERT
+                   "type='local' alert='%s'",
+                   data->alert.description);
+
+           eap_notify_status(sm, "local TLS alert",
data->alert.description);
+         } else {
+           wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_TLS_ALERT
+                   "type='remote' alert='%s'",
+                   data->alert.description);
+
+           eap_notify_status(sm, "remote TLS alert",
+                             data->alert.description);
+         }
                 break;
         }




More information about the HostAP mailing list