pskhexstr = STRING # Transport pre-shared key, ASCII hex form.
pskid = STRING
pskex = "PSK"|"DHE_PSK"|"RSA_PSK"
+ disable_hostname_check = yes|no
}
# client specific realm config options
CFG_STR ("pskhexstr", NULL, CFGF_NONE),
CFG_STR ("pskid", NULL, CFGF_NONE),
CFG_STR ("pskex", "PSK", CFGF_NONE),
+ CFG_BOOL ("disable_hostname_check", cfg_false, CFGF_NONE),
CFG_SEC ("server", server_opts, CFGF_MULTI),
CFG_END ()
};
r->name, typestr);
r->timeout = cfg_getint (cfg_realm, "timeout");
r->retries = cfg_getint (cfg_realm, "retries");
+ r->disable_hostname_check = cfg_getbool (cfg_realm, "disable_hostname_check");
r->cacertfile = cfg_getstr (cfg_realm, "cacertfile");
/*r->cacertpath = cfg_getstr (cfg_realm, "cacertpath");*/
if (!success)
success = (cnregexp (peer_cert, hostname, NULL) == 1);
+ if (conn->realm->disable_hostname_check)
+ success = 1;
if (!success)
err = rs_err_conn_push (conn, RSE_CERT, "server certificate doesn't "
"match configured hostname \"%s\"", hostname);