From: Linus Nordberg <linus@nordberg.se>
Date: Thu, 24 Jan 2013 15:51:36 +0000 (+0100)
Subject: Don't verify server certificate if we're using PSK.
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=radsecproxy.git;a=commitdiff_plain;h=0fb4331cd350ad8921dbbbcef31ceaa38a92a3b6

Don't verify server certificate if we're using PSK.
---

diff --git a/lib/event.c b/lib/event.c
index f768273..138fa72 100644
--- a/lib/event.c
+++ b/lib/event.c
@@ -246,8 +246,9 @@ event_on_connect (struct rs_connection *conn, struct rs_message *msg)
   assert (!conn->is_connecting);
 
 #if defined (RS_ENABLE_TLS)
-  if (conn->realm->type == RS_CONN_TYPE_TLS
-      || conn->realm->type == RS_CONN_TYPE_DTLS)
+  if ((conn->realm->type == RS_CONN_TYPE_TLS
+       || conn->realm->type == RS_CONN_TYPE_DTLS)
+      && conn->realm->transport_cred->type != RS_CRED_TLS_PSK)
     if (tls_verify_cert (conn) != RSE_OK)
       {
         rs_debug (("%s: server cert verification failed\n", __func__));