Don't mix up pre- and post-handshake verification of DTLS clients.
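--- a/dtls.c
+++ b/dtls.c
@@ -354,6 +354,7 @@ void *dtlsservernew(void *arg) {
  X509 *cert = NULL;
  SSL_CTX *ctx = NULL;
  uint8_t delay = 60;
+ struct tls *accepted_tls = NULL;
  debug(DBG_DBG, "dtlsservernew: starting");
  conf = find_clconf(handle, (struct sockaddr *)¶ms->addr, NULL);
@@ -367,10 +368,11 @@ void *dtlsservernew(void *arg) {
  cert = verifytlscert(ssl);
  if (!cert)
  goto exit;
+ accepted_tls = conf->tlsconf;
  }
  while (conf) {
- if (verifyconfcert(cert, conf)) {
+ if (accepted_tls == conf->tlsconf && verifyconfcert(cert, conf)) {
  X509_free(cert);
  client = addclient(conf, 1);
  if (client) {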
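Review bot: The `accepted_tls == conf->tlsconf` guard in the `while (conf)` loop has no comment explaining that it is a security check, so it reads like a redundant condition that a later cleanup could drop. Going by the commit title, its job is to stop a certificate that `verifytlscert(ssl)` accepted under one tls block from being matched against a client block bound to another; I would add above it `/* cert was verified against accepted_tls only; skip client blocks bound to any other tls block */`. The comparison is by pointer, and `accepted_tls` stays NULL unless the block ending at `accepted_tls = conf->tlsconf;` runs. That block's opening is outside the hunk, so either confirm `conf->tlsconf` can never be NULL when the loop is reached or write the guard as `accepted_tls && accepted_tls == conf->tlsconf`. dtlsservernew starts and ends outside both hunks.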