From 1854dfdb58b99caaa16449bc05acd64212e43fcc Mon Sep 17 00:00:00 2001
From: Sam Hartman
Date: Wed, 3 Apr 2013 14:23:37 -0400
Subject: [PATCH] psk: enable server callback always
---
 src/main/tls.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/main/tls.c b/src/main/tls.c
index e5ecc7b..9c79198 100644
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -2041,6 +2041,19 @@ static SSL_CTX *init_tls_ctx(fr_tls_server_conf_t *conf, int client)
 return NULL;
 }
+ /*
+ * There are two ways PSKs can be configured for a server. The
+ * first is the same as a client: psk_identity and
+ * psk_hexphrase. The second is to dynamically configure PSKs
+ * and to have the psk_xlat return them. The second is
+ * compatible with certificates; either the PSK or cert will
+ * be used depending on what the client uses.
+ */
+ if (!client)
+ SSL_CTX_set_psk_server_callback(ctx,
+ psk_server_callback);
+
+
 if (conf->psk_identity) {
 size_t psk_len, hex_len;
 char buffer[PSK_MAX_PSK_LEN];
@@ -2055,10 +2068,7 @@ static SSL_CTX *init_tls_ctx(fr_tls_server_conf_t *conf, int client)
 if (client) {
 SSL_CTX_set_psk_client_callback(ctx,
 psk_client_callback);
- } else {
- SSL_CTX_set_psk_server_callback(ctx,
- psk_server_callback);
- }
+ }
 psk_len = strlen(conf->psk_password);
 if (strlen(conf->psk_password) > (2 * PSK_MAX_PSK_LEN)) {
--
2.1.4
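Review bot: In the first hunk of `init_tls_ctx`, `psk_server_callback` is now registered on every server context, including ones where `conf->psk_identity` and `conf->psk_password` are unset, so the callback has to tolerate both being NULL and fail closed by returning 0 when neither a static nor a dynamic PSK matches. The callback body is outside this patch, so it is worth confirming there that it does not compare the offered identity against a NULL `conf->psk_identity` and that a failed dynamic lookup cannot fall through to a usable key. A short comment at the registration, such as `/* callback must return 0 when no PSK is configured */`, would record that contract. The unbraced `if (!client)` spanning two physical lines should also be braced, `if (!client) { SSL_CTX_set_psk_server_callback(ctx, psk_server_callback); }`, to match the braced `if (client) { ... }` in the second hunk.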