Added a TLS purpose for EAP-TTLS with client authentication

src/libtls/tls.h

@@ -96,6 +96,8 @@ enum tls_purpose_t {
 	TLS_PURPOSE_EAP_TLS,
 	/** outer authentication and protection in EAP-TTLS */
 	TLS_PURPOSE_EAP_TTLS,
+	/** EAP-TTLS with client authentication */
+	TLS_PURPOSE_EAP_TTLS_CLIENT_AUTH,
 };
 
 /**

src/libtls/tls_crypto.c

@@ -926,6 +926,7 @@ tls_crypto_t *tls_crypto_create(tls_t *tls)
 			build_cipher_suite_list(this, FALSE);
 			break;
 		case TLS_PURPOSE_EAP_TTLS:
+		case TLS_PURPOSE_EAP_TTLS_CLIENT_AUTH:
 			/* MSK PRF ASCII constant label according to EAP-TTLS RFC 5281 */
 			this->msk_label = "ttls keying material";
 			build_cipher_suite_list(this, TRUE);

src/libtls/tls_server.c

@@ -682,6 +682,7 @@ tls_server_t *tls_server_create(tls_t *tls,
 	switch (tls->get_purpose(tls))
 	{
 		case TLS_PURPOSE_EAP_TLS:
+		case TLS_PURPOSE_EAP_TTLS_CLIENT_AUTH:
 			this->request_peer_auth = TRUE;
 			break;
 		case TLS_PURPOSE_EAP_TTLS: