From fcf39a039da6beacc2f21d5e876cb304a29a3115 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok"
Date: Fri, 17 Mar 2017 10:14:21 -0400
Subject: [PATCH] Allow no cert when psk is configured
---
 src/main/tls.c | 29 ++++++++++++++++++++++-------
 1 file changed, 22 insertions(+), 7 deletions(-)
diff --git a/src/main/tls.c b/src/main/tls.c
index 580b02e..f6c210c 100644
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -3116,14 +3116,29 @@ fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs)
 */
 if (conf->fragment_size < 100) conf->fragment_size = 100;
- if (!conf->private_key_file) {
- ERROR(LOG_PREFIX ": TLS Server requires a private key file");
- goto error;
- }
+ /*
+ * Only check for certificate things if we don't have a
+ * PSK query.
+ */
+ if (conf->psk_identity) {
+ if (conf->private_key_file) {
+ WARN(LOG_PREFIX ": Ignoring private key file due to psk_identity being used");
+ }
- if (!conf->certificate_file) {
- ERROR(LOG_PREFIX ": TLS Server requires a certificate file");
- goto error;
+ if (conf->certificate_file) {
+ WARN(LOG_PREFIX ": Ignoring certificate file due to psk_identity being used");
+ }
+
+ } else {
+ if (!conf->private_key_file) {
+ ERROR(LOG_PREFIX ": TLS Server requires a private key file");
+ goto error;
+ }
+
+ if (!conf->certificate_file) {
+ ERROR(LOG_PREFIX ": TLS Server requires a certificate file");
+ goto error;
+ }
 }
 /*
-- 
2.1.4
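Review bot: The new `if (conf->psk_identity)` branch waives the private-key and certificate requirements on the strength of the identity string alone, and nothing in this hunk confirms that the matching PSK secret is configured as well; unless that is validated elsewhere in `tls_server_conf_parse` or during context setup (not visible here), the server can pass config parsing with no usable credential at all. The block comment also says "PSK query" while the condition tests `psk_identity`, so I would reword it to `Only require a certificate and private key when psk_identity is not set.` Going by the WARN text, a configured certificate and key are ignored once `psk_identity` is present, which means a stray `psk_identity` line silently moves the server from certificate to PSK authentication; the messages could state that certificate-based authentication is disabled, so the change of mode is obvious in the logs. The function body begins and continues outside the hunk.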