From: Linus Nordberg <linus@nordberg.se>
Date: Thu, 24 Jan 2013 15:51:36 +0000 (+0100)
Subject: Don't verify server certificate if we're using PSK.
X-Git-Tag: libradsec-0.0.4~47
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=radsecproxy.git;a=commitdiff_plain;h=823ea9ba4a39998e3fe210e99e8e59d342fccfda

Don't verify server certificate if we're using PSK.
---

diff --git a/lib/event.c b/lib/event.c
index 3ebc5a7..78a9156 100644
--- a/lib/event.c
+++ b/lib/event.c
@@ -246,8 +246,9 @@ event_on_connect (struct rs_connection *conn, struct rs_packet *pkt)
   assert (!conn->is_connecting);
 
 #if defined (RS_ENABLE_TLS)
-  if (conn->realm->type == RS_CONN_TYPE_TLS
-      || conn->realm->type == RS_CONN_TYPE_DTLS)
+  if ((conn->realm->type == RS_CONN_TYPE_TLS
+       || conn->realm->type == RS_CONN_TYPE_DTLS)
+      && conn->realm->transport_cred->type != RS_CRED_TLS_PSK)
     if (tls_verify_cert (conn) != RSE_OK)
       {
         rs_debug (("%s: server cert verification failed\n", __func__));