From 72a417e8a3a257a0c713524e1bc98b99a0e87530 Mon Sep 17 00:00:00 2001
From: Denis Kenzior
Date: Wed, 2 Oct 2019 10:36:06 -0500
Subject: [PATCH] eap-tls-common: update to new ELL TLS APIs
---
 src/eap-tls-common.c | 59 +++++++++++++++++++++++++++++++++++++-------
 1 file changed, 50 insertions(+), 9 deletions(-)
diff --git a/src/eap-tls-common.c b/src/eap-tls-common.c
index b069fcfd..39015167 100644
--- a/src/eap-tls-common.c
+++ b/src/eap-tls-common.c
@@ -543,15 +543,56 @@ static bool eap_tls_tunnel_init(struct eap_state *eap)
 l_tls_set_debug(eap_tls->tunnel, eap_tls_tunnel_debug, eap, NULL);
- if (!l_tls_set_auth_data(eap_tls->tunnel, eap_tls->client_cert,
- eap_tls->client_key,
- eap_tls->passphrase) ||
- (eap_tls->ca_cert &&
- !l_tls_set_cacert(eap_tls->tunnel,
- eap_tls->ca_cert))) {
- l_error("%s: Error loading TLS keys or certificates.",
- eap_get_method_name(eap));
- return false;
+ if (eap_tls->client_cert || eap_tls->client_key) {
+ struct l_certchain *client_cert =
+ l_pem_load_certificate_chain(eap_tls->client_cert);
+ struct l_key *client_key;
+
+ if (!client_cert) {
+ l_error("%s: Failed to parse client certificate: %s.",
+ eap_get_method_name(eap),
+ eap_tls->client_cert);
+ return false;
+ }
+
+ client_key = l_pem_load_private_key(eap_tls->client_key,
+ eap_tls->passphrase,
+ NULL);
+ if (!client_key) {
+ l_error("%s: Failed to parse client private key: %s.",
+ eap_get_method_name(eap),
+ eap_tls->client_key);
+ return false;
+ }
+
+ if (!l_tls_set_auth_data(eap_tls->tunnel,
+ client_cert, client_key)) {
+ l_certchain_free(client_cert);
+ l_key_free(client_key);
+ l_error("%s: Failed to set auth data.",
+ eap_get_method_name(eap));
+ return false;
+ }
+ }
+
+ if (eap_tls->ca_cert) {
+ struct l_queue *ca_cert =
+ l_pem_load_certificate_list(eap_tls->ca_cert);
+
+ if (!ca_cert) {
+ l_error("%s: Error loading CA certificates from %s.",
+ eap_get_method_name(eap),
+ eap_tls->ca_cert);
+ return false;
+ }
+
+ if (!l_tls_set_cacert(eap_tls->tunnel, ca_cert)) {
+ l_queue_destroy(ca_cert,
+ (l_queue_destroy_func_t)l_cert_free);
+ l_error("%s: Error settings CA certificates.",
+ eap_get_method_name(eap));
+ return false;
+ }
 }
 if (eap_tls->domain_mask)
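Review bot: The `!client_key` failure branch returns without releasing `client_cert`, which `l_pem_load_certificate_chain()` has already loaded at that point; add `l_certchain_free(client_cert);` before that `return false;`, matching what the `l_tls_set_auth_data()` failure branch just below does. The outer test uses `||`, so a configuration that sets only one of `client_cert` / `client_key` hands a NULL path to the corresponding loader and then to the `%s` in `l_error`; assuming the loaders simply fail on NULL, an explicit early check such as `if (!eap_tls->client_cert || !eap_tls->client_key)` with its own message would avoid formatting a NULL string and make the misconfiguration obvious. The string `"%s: Error settings CA certificates."` should read "Error setting". `eap_tls_tunnel_init` begins and ends outside this hunk, so whether `eap_tls->tunnel` is torn down on these early returns cannot be confirmed from here.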