2
2
* rlm_eap_tls.c contains the interfaces that are called from eap
4
* Version: $Id: rlm_eap_tls.c,v 1.21 2004/04/07 15:51:45 aland Exp $
4
* Version: $Id: rlm_eap_tls.c,v 1.21.4.1 2005/12/15 00:06:26 aland Exp $
6
6
* This program is free software; you can redistribute it and/or modify
7
7
* it under the terms of the GNU General Public License as published by
147
147
type = SSL_FILETYPE_ASN1;
150
/* Load the CAs we trust */
151
if (!(SSL_CTX_load_verify_locations(ctx, conf->ca_file, conf->ca_path)) ||
152
(!SSL_CTX_set_default_verify_paths(ctx))) {
153
ERR_print_errors_fp(stderr);
154
radlog(L_ERR, "rlm_eap_tls: Error reading Trusted root CA list");
157
SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(conf->ca_file));
160
151
* Set the password to load private key
164
155
SSL_CTX_set_default_passwd_cb(ctx, cbtls_password);
167
/* Load our keys and certificates*/
168
if (!(SSL_CTX_use_certificate_file(ctx, conf->certificate_file, type))) {
159
* Load our keys and certificates
161
* If certificates are of type PEM then we can make use
162
* of cert chain authentication using openssl api call
163
* SSL_CTX_use_certificate_chain_file. Please see how
164
* the cert chain needs to be given in PEM from
167
if (type == SSL_FILETYPE_PEM) {
168
radlog(L_INFO, "rlm_eap_tls: Loading the certificate file as a chain");
169
if (!(SSL_CTX_use_certificate_chain_file(ctx, conf->certificate_file))) {
170
ERR_print_errors_fp(stderr);
171
radlog(L_ERR, "rlm_eap_tls: Error reading certificate file");
175
} else if (!(SSL_CTX_use_certificate_file(ctx, conf->certificate_file, type))) {
169
176
ERR_print_errors_fp(stderr);
170
177
radlog(L_ERR, "rlm_eap_tls: Error reading certificate file");
182
/* Load the CAs we trust */
183
if (!SSL_CTX_load_verify_locations(ctx, conf->ca_file, conf->ca_path)) {
184
ERR_print_errors_fp(stderr);
185
radlog(L_ERR, "rlm_eap_tls: Error reading Trusted root CA list");
188
SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(conf->ca_file));
174
190
if (!(SSL_CTX_use_PrivateKey_file(ctx, conf->private_key_file, type))) {
175
191
ERR_print_errors_fp(stderr);
176
192
radlog(L_ERR, "rlm_eap_tls: Error reading private key file");
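Review bot: The relocated `SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(conf->ca_file));` (new line 188) still hands the loader's result straight to the context without checking it. `SSL_CTX_load_verify_locations` on new line 183 succeeds when only `conf->ca_path` is set, so if the configuration allows `ca_file` to be unset, a NULL filename reaches `SSL_load_client_CA_file`. That function also returns NULL on failure, in which case the server would advertise an empty CA list in its certificate request with nothing logged. Suggest `STACK_OF(X509_NAME) *names = conf->ca_file ? SSL_load_client_CA_file(conf->ca_file) : NULL;` followed by `if (names) SSL_CTX_set_client_CA_list(ctx, names);`, plus a `radlog(L_ERR, ...)` when `ca_file` is set but the list comes back NULL. The enclosing function starts and ends outside the visible lines, so the config validation for `ca_file` could not be checked here.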