Formatting changes.

[libradsec.git] / tls.c

diff --git a/tls.c b/tls.c
index ce06a6e..599e2a7 100644 (file)
--- a/tls.c
+++ b/tls.c
@@ -1,10 +1,6 @@
-/*
- * Copyright (C) 2006-2009 Stig Venaas <venaas@uninett.no>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- */
+/* Copyright (c) 2006-2010, UNINETT AS
+ * Copyright (c) 2010-2012, NORDUnet A/S */
+/* See LICENSE for licensing information. */
 
 #include <signal.h>
 #include <sys/socket.h>
@@ -43,7 +39,7 @@ void tlssetsrcres();
 
 static const struct protodefs protodefs = {
     "tls",
-    "mysecret", /* secretdefault */
+    "radsec", /* secretdefault */
     SOCK_STREAM, /* socktype */
     "2083", /* portdefault */
     0, /* retrycountdefault */
@@ -82,7 +78,9 @@ static char **getlistenerargs() {
 
 void tlssetsrcres() {
     if (!srcres)
-       srcres = resolvepassiveaddrinfo(protoopts ? protoopts->sourcearg : NULL, NULL, protodefs.socktype);
+       srcres =
+            resolvepassiveaddrinfo(protoopts ? protoopts->sourcearg : NULL,
+                                   AF_UNSPEC, NULL, protodefs.socktype);
 }
 
 int tlsconnect(struct server *server, struct timeval *when, int timeout, char *text) {
@@ -383,6 +381,7 @@ void *tlsservernew(void *arg) {
     SSL_CTX *ctx = NULL;
     unsigned long error;
     struct client *client;
+    struct tls *accepted_tls = NULL;
 
     s = *(int *)arg;
     if (getpeername(s, (struct sockaddr *)&from, &fromlen)) {
@@ -410,22 +409,23 @@ void *tlsservernew(void *arg) {
        cert = verifytlscert(ssl);
        if (!cert)
            goto exit;
+        accepted_tls = conf->tlsconf;
     }
 
     while (conf) {
-       if (verifyconfcert(cert, conf)) {
-           X509_free(cert);
-           client = addclient(conf, 1);
-           if (client) {
-               client->ssl = ssl;
-               client->addr = addr_copy((struct sockaddr *)&from);
-               tlsserverrd(client);
-               removeclient(client);
-           } else
-               debug(DBG_WARN, "tlsservernew: failed to create new client instance");
-           goto exit;
-       }
-       conf = find_clconf(handle, (struct sockaddr *)&from, &cur);
+        if (accepted_tls == conf->tlsconf && verifyconfcert(cert, conf)) {
+            X509_free(cert);
+            client = addclient(conf, 1);
+            if (client) {
+                client->ssl = ssl;
+                client->addr = addr_copy((struct sockaddr *)&from);
+                tlsserverrd(client);
+                removeclient(client);
+            } else
+                debug(DBG_WARN, "tlsservernew: failed to create new client instance");
+            goto exit;
+        }
+        conf = find_clconf(handle, (struct sockaddr *)&from, &cur);
     }
     debug(DBG_WARN, "tlsservernew: ignoring request, no matching TLS client");
     if (cert)