radsecproxy-1.6.2

[radsecproxy.git] / dtls.c

diff --git a/dtls.c b/dtls.c
index ed3dca1..3772113 100644 (file)
--- a/dtls.c
+++ b/dtls.c
@@ -46,7 +46,7 @@ void initextradtls();
 
 static const struct protodefs protodefs = {
     "dtls",
-    "mysecret", /* secretdefault */
+    "radsec", /* secretdefault */
     SOCK_DGRAM, /* socktype */
     "2083", /* portdefault */
     REQUEST_RETRY_COUNT, /* retrycountdefault */
@@ -99,7 +99,9 @@ struct dtlsservernewparams {
 
 void dtlssetsrcres() {
     if (!srcres)
-       srcres = resolvepassiveaddrinfo(protoopts ? protoopts->sourcearg : NULL, NULL, protodefs.socktype);
+       srcres =
+            resolvepassiveaddrinfo(protoopts ? protoopts->sourcearg : NULL,
+                                   AF_UNSPEC, NULL, protodefs.socktype);
 }
 
 int udp2bio(int s, struct gqueue *q, int cnt) {
@@ -352,6 +354,7 @@ void *dtlsservernew(void *arg) {
     X509 *cert = NULL;
     SSL_CTX *ctx = NULL;
     uint8_t delay = 60;
+    struct tls *accepted_tls = NULL;
 
     debug(DBG_DBG, "dtlsservernew: starting");
     conf = find_clconf(handle, (struct sockaddr *)&params->addr, NULL);
@@ -365,10 +368,11 @@ void *dtlsservernew(void *arg) {
        cert = verifytlscert(ssl);
         if (!cert)
             goto exit;
+        accepted_tls = conf->tlsconf;
     }
 
     while (conf) {
-       if (verifyconfcert(cert, conf)) {
+       if (accepted_tls == conf->tlsconf && verifyconfcert(cert, conf)) {
            X509_free(cert);
            client = addclient(conf, 1);
            if (client) {