EAP-TLS with TLS 1.3
Adam Bishop
Adam.Bishop at jisc.ac.uk
Tue Mar 13 01:18:16 CET 2018
On 12 Mar 2018, at 16:41, Adam Bishop <Adam.Bishop at jisc.ac.uk> wrote:
> On 12 Mar 2018, at 12:01, Alan DeKok <aland at deployingradius.com> wrote:
>> If anyone can take a look at how Apache does it, that would help. Simply knowing which OpenSSL calls to do, and in what order, will solve 99% of the problem.
>
> I looked at the changes from NGINX - they wrap all of openssl's method calls, but it looks like you "just" call the OpenSSL api call that adds a key pair multiple times.
mod_ssl is 100x less concise than NGINX, but the same seems to happen. Unfortunately they don't have a single change when support was added - key agility support magically appears in this refactor:
https://github.com/apache/httpd/commit/d2344cb7ea7585f4c413045f2b1189802d8de28e
Same rough process, except much more verbose and then followed by a ton of alternative key loading mechanisms. I can't find any evidence that the ctx is initialised - the only requirement seems to be OpenSSL 1.0.2+.
Loop over the configuration array:
https://github.com/apache/httpd/blob/2b9e9b4c4226c22d9f5c489661507e7547de051c/modules/ssl/ssl_engine_init.c#L1223-L1226
Call load cert:
https://github.com/apache/httpd/blob/2b9e9b4c4226c22d9f5c489661507e7547de051c/modules/ssl/ssl_engine_init.c#L1242-L1249
Call load key:
https://github.com/apache/httpd/blob/2b9e9b4c4226c22d9f5c489661507e7547de051c/modules/ssl/ssl_engine_init.c#L1261-L1284
Rinse, repeat.
Adam Bishop
gpg: E75B 1F92 6407 DFDF 9F1C BF10 C993 2504 6609 D460
jisc.ac.uk