From 787ccb8ea4a0c384749338fb4665c790c42af665 Mon Sep 17 00:00:00 2001
From: Linus Nordberg
Date: Thu, 3 Oct 2013 21:13:54 +0200
Subject: [PATCH] Implement disable_hostname_check config option.

Patch by Sam Hartman.
---
 lib/conf.c | 3 +++
 lib/include/radsec/radsec-impl.h | 1 +
 lib/tls.c | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/lib/conf.c b/lib/conf.c
index 68da0a5..4e0df31 100644
--- a/lib/conf.c
+++ b/lib/conf.c
@@ -31,6 +31,7 @@ pskhexstr = STRING # Transport pre-shared key, ASCII hex form. pskid = STRING pskex = "PSK"|"DHE_PSK"|"RSA_PSK" + disable_hostname_check = "yes"|"no" } # client specific realm config options
@@ -73,6 +74,7 @@ rs_context_read_config(struct rs_context *ctx, const char *config_file)
 CFG_STR ("pskhexstr", NULL, CFGF_NONE),
 CFG_STR ("pskid", NULL, CFGF_NONE),
 CFG_STR ("pskex", "PSK", CFGF_NONE),
+ CFG_BOOL ("disable_hostname_check", cfg_false, CFGF_NONE),
 CFG_SEC ("server", server_opts, CFGF_MULTI),
 CFG_END ()
 };
@@ -150,6 +152,7 @@ rs_context_read_config(struct rs_context *ctx, const char *config_file)
 r->name, typestr);
 r->timeout = cfg_getint (cfg_realm, "timeout");
 r->retries = cfg_getint (cfg_realm, "retries");
+ r->disable_hostname_check = cfg_getbool (cfg_realm, "disable_hostname_check");
 r->cacertfile = cfg_getstr (cfg_realm, "cacertfile");
 /*r->cacertpath = cfg_getstr (cfg_realm, "cacertpath");*/
diff --git a/lib/include/radsec/radsec-impl.h b/lib/include/radsec/radsec-impl.h
index e472703..0ecd631 100644
--- a/lib/include/radsec/radsec-impl.h
+++ b/lib/include/radsec/radsec-impl.h
@@ -70,6 +70,7 @@ struct rs_realm {
 char *cacertpath;
 char *certfile;
 char *certkeyfile;
+ int disable_hostname_check;
 struct rs_credentials *transport_cred;
 struct rs_peer *peers;
 struct rs_realm *next;
diff --git a/lib/tls.c b/lib/tls.c
index 62e219e..62b281f 100644
--- a/lib/tls.c
+++ b/lib/tls.c
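Review bot: The new grammar line `disable_hostname_check = "yes"|"no"` in the realm section of the config documentation says neither that the option is optional, nor what its default is, nor what an operator gives up by setting it, while the second hunk in this file registers it with `cfg_false` as the default and the tls.c hunk shows that setting it makes the hostname match always succeed. An option that weakens certificate verification needs that spelled out where the operator reads it; I would write the line as `disable_hostname_check = "yes"|"no"	# OPTIONAL, default "no". "yes" accepts a server certificate that does not match the configured hostname; for testing only.`. Whether any other verification step is affected is not visible in this patch, so the comment should claim only the name check.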
@@ -225,6 +225,8 @@ tls_verify_cert (struct rs_connection *conn)
 if (!success)
 success = (cnregexp (peer_cert, hostname, NULL) == 1);
+ if (conn->realm->disable_hostname_check)
+ success = 1;
 if (!success)
 err = rs_err_conn_push (conn, RSE_CERT, "server certificate doesn't "
 "match configured hostname \"%s\"", hostname);
-- 
2.1.4
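Review bot: The override `if (conn->realm->disable_hostname_check) success = 1;` is applied after the name match has already run and leaves no trace when it fires, so a realm that has this flag set by mistake accepts a certificate for any name with nothing in the error stack or the logs to show that the check was skipped. Test the flag first and skip the matching work instead of overriding its result, `if (conn->realm->disable_hostname_check) success = 1; else if (!success) success = (cnregexp (peer_cert, hostname, NULL) == 1);`, and emit a warning on the skip path naming the realm and the hostname (I cannot see from this hunk which logging helper the file uses). Whether chain validation against cacertfile still runs when the flag is set is decided by code outside this hunk, so a comment above the new lines should say explicitly that the flag bypasses only the hostname/CN match, e.g. `/* Operator opted out of hostname matching; the certificate is still subject to every other check in this function. */`, and that claim should be verified against the rest of tls_verify_cert. tls_verify_cert begins and ends outside the hunk.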