Implement disable_hostname_check config option.

[radsecproxy.git] / lib / tls.c

diff --git a/lib/tls.c b/lib/tls.c
index 5c7045a..62b281f 100644 (file)
--- a/lib/tls.c
+++ b/lib/tls.c
@@ -1,10 +1,11 @@
-/* Copyright 2010, 2011 NORDUnet A/S. All rights reserved.
-   See the file COPYING for licensing information.  */
+/* Copyright 2010-2013 NORDUnet A/S. All rights reserved.
+   See LICENSE for licensing information. */
 
 #if defined HAVE_CONFIG_H
 #include <config.h>
 #endif
 
+#include <stdlib.h>
 #include <assert.h>
 #include <openssl/ssl.h>
 #include <openssl/err.h>
@@ -14,8 +15,8 @@
 #include <radsec/radsec-impl.h>
 
 #include <regex.h>
-#include "rsp_list.h"
-#include "../radsecproxy.h"
+#include "radsecproxy/list.h"
+#include "radsecproxy/radsecproxy.h"
 
 static struct tls *
 _get_tlsconf (struct rs_connection *conn, const struct rs_realm *realm)
@@ -224,6 +225,8 @@ tls_verify_cert (struct rs_connection *conn)
   if (!success)
     success = (cnregexp (peer_cert, hostname, NULL) == 1);
 
+  if (conn->realm->disable_hostname_check)
+    success = 1;
   if (!success)
     err = rs_err_conn_push (conn, RSE_CERT, "server certificate doesn't "
                             "match configured hostname \"%s\"", hostname);