projects / radsecproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a6ea0fa)
Implement disable_hostname_check config option.
authorLinus Nordberg <linus@nordberg.se>
Thu, 3 Oct 2013 19:13:54 +0000 (21:13 +0200)
committerLinus Nordberg <linus@nordberg.se>
Thu, 3 Oct 2013 19:13:54 +0000 (21:13 +0200)
Patch by Sam Hartman.

lib/conf.c patch | blob | history
lib/include/radsec/radsec-impl.h patch | blob | history
lib/tls.c patch | blob | history

diff --git a/lib/conf.c b/lib/conf.c
index 68da0a5..4e0df31 100644 (file)
--- a/lib/conf.c
+++ b/lib/conf.c
@@ -31,6 +31,7 @@
       pskhexstr = STRING # Transport pre-shared key, ASCII hex form.
       pskid = STRING
       pskex = "PSK"|"DHE_PSK"|"RSA_PSK"
+      disable_hostname_check = "yes"|"no"
   }
 
   # client specific realm config options
@@ -73,6 +74,7 @@ rs_context_read_config(struct rs_context *ctx, const char *config_file)
       CFG_STR ("pskhexstr", NULL, CFGF_NONE),
       CFG_STR ("pskid", NULL, CFGF_NONE),
       CFG_STR ("pskex", "PSK", CFGF_NONE),
+      CFG_BOOL ("disable_hostname_check", cfg_false, CFGF_NONE),
       CFG_SEC ("server", server_opts, CFGF_MULTI),
       CFG_END ()
     };
@@ -150,6 +152,7 @@ rs_context_read_config(struct rs_context *ctx, const char *config_file)
                                 r->name, typestr);
       r->timeout = cfg_getint (cfg_realm, "timeout");
       r->retries = cfg_getint (cfg_realm, "retries");
+      r->disable_hostname_check = cfg_getbool (cfg_realm, "disable_hostname_check");
 
       r->cacertfile = cfg_getstr (cfg_realm, "cacertfile");
       /*r->cacertpath = cfg_getstr (cfg_realm, "cacertpath");*/
diff --git a/lib/include/radsec/radsec-impl.h b/lib/include/radsec/radsec-impl.h
index e472703..0ecd631 100644 (file)
--- a/lib/include/radsec/radsec-impl.h
+++ b/lib/include/radsec/radsec-impl.h
@@ -70,6 +70,7 @@ struct rs_realm {
     char *cacertpath;
     char *certfile;
     char *certkeyfile;
+    int disable_hostname_check;
     struct rs_credentials *transport_cred;
     struct rs_peer *peers;
     struct rs_realm *next;
diff --git a/lib/tls.c b/lib/tls.c
index 62e219e..62b281f 100644 (file)
--- a/lib/tls.c
+++ b/lib/tls.c
@@ -225,6 +225,8 @@ tls_verify_cert (struct rs_connection *conn)
   if (!success)
     success = (cnregexp (peer_cert, hostname, NULL) == 1);
 
+  if (conn->realm->disable_hostname_check)
+    success = 1;
   if (!success)
     err = rs_err_conn_push (conn, RSE_CERT, "server certificate doesn't "
                             "match configured hostname \"%s\"", hostname);
Unnamed repository; edit this file 'description' to name the repository.