authorLinus Nordberg <linus@nordberg.se>2013-10-03 21:13:54 +0200
committerLinus Nordberg <linus@nordberg.se>2013-10-03 21:13:54 +0200
commit787ccb8ea4a0c384749338fb4665c790c42af665 (patch)
tree3d39cd4031034781b820192bc113ccce695a8bd2
parenta6ea0fa54ab96f56333d5e660a4a7fd7c061dd3c (diff)
Implement disable_hostname_check config option.
Patch by Sam Hartman.
-rw-r--r--lib/conf.c3
-rw-r--r--lib/include/radsec/radsec-impl.h1
-rw-r--r--lib/tls.c2
3 files changed, 6 insertions, 0 deletions
diff --git a/lib/conf.c b/lib/conf.c
index 68da0a5..4e0df31 100644
--- a/lib/conf.c
+++ b/lib/conf.c
@@ -31,6 +31,7 @@
pskhexstr = STRING # Transport pre-shared key, ASCII hex form.
pskid = STRING
pskex = "PSK"|"DHE_PSK"|"RSA_PSK"
+ disable_hostname_check = "yes"|"no"
}
# client specific realm config options
@@ -73,6 +74,7 @@ rs_context_read_config(struct rs_context *ctx, const char *config_file)
CFG_STR ("pskhexstr", NULL, CFGF_NONE),
CFG_STR ("pskid", NULL, CFGF_NONE),
CFG_STR ("pskex", "PSK", CFGF_NONE),
+ CFG_BOOL ("disable_hostname_check", cfg_false, CFGF_NONE),
CFG_SEC ("server", server_opts, CFGF_MULTI),
CFG_END ()
};
@@ -150,6 +152,7 @@ rs_context_read_config(struct rs_context *ctx, const char *config_file)
r->name, typestr);
r->timeout = cfg_getint (cfg_realm, "timeout");
r->retries = cfg_getint (cfg_realm, "retries");
+ r->disable_hostname_check = cfg_getbool (cfg_realm, "disable_hostname_check");
r->cacertfile = cfg_getstr (cfg_realm, "cacertfile");
/*r->cacertpath = cfg_getstr (cfg_realm, "cacertpath");*/
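Review bot: The new option in the sample config block at the top of the file (the `disable_hostname_check = "yes"|"no"` line in the first hunk) is the only entry there that changes what the TLS layer accepts, yet it carries no comment, unlike the `pskhexstr` line above it. A reader of the template cannot tell from the name alone that "yes" makes the server certificate's hostname mismatch non-fatal; a trailing comment such as `# "yes" accepts a server certificate whose name does not match the configured hostname.` would make that explicit. The CFG_BOOL and cfg_getbool additions in the second and third hunks look consistent with each other; rs_context_read_config continues outside the hunk.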
diff --git a/lib/include/radsec/radsec-impl.h b/lib/include/radsec/radsec-impl.h
index e472703..0ecd631 100644
--- a/lib/include/radsec/radsec-impl.h
+++ b/lib/include/radsec/radsec-impl.h
@@ -70,6 +70,7 @@ struct rs_realm {
char *cacertpath;
char *certfile;
char *certkeyfile;
+ int disable_hostname_check;
struct rs_credentials *transport_cred;
struct rs_peer *peers;
struct rs_realm *next;
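Review bot: The new `disable_hostname_check` member is the one field in this struct whose value relaxes certificate verification, and it is added without any comment; struct rs_realm itself starts outside the hunk. A one-line comment stating the contract, e.g. `int disable_hostname_check; /* non-zero: hostname mismatch in tls_verify_cert() is not an error */`, would tell a maintainer what a non-zero value means without having to read lib/tls.c. The type matches how lib/conf.c assigns it from cfg_getbool.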
diff --git a/lib/tls.c b/lib/tls.c
index 62e219e..62b281f 100644
--- a/lib/tls.c
+++ b/lib/tls.c
@@ -225,6 +225,8 @@ tls_verify_cert (struct rs_connection *conn)
if (!success)
success = (cnregexp (peer_cert, hostname, NULL) == 1);
+ if (conn->realm->disable_hostname_check)
+ success = 1;
if (!success)
err = rs_err_conn_push (conn, RSE_CERT, "server certificate doesn't "
"match configured hostname \"%s\"", hostname);
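Review bot: The override `success = 1` is applied after the hostname matching has already run rather than gating it, so the check is performed and then its result discarded; placing the option test before the matching, e.g. `if (conn->realm->disable_hostname_check) success = 1; else { /* existing cnregexp matching */ }`, would make the intent clearer and avoid the wasted work. More importantly, if `success` at this point also reflects anything other than the hostname comparison — tls_verify_cert starts outside the hunk, so this is inferred from the neighbouring lines only — the unconditional `success = 1` would mask that as well, which a guard around just the matching would not. It would also help operators to record when the check is skipped, for instance a log line in the new branch such as `rs_debug (("%s: hostname check disabled for realm\n", __func__));` if the file has such a debug facility, so that a connection accepted despite a mismatch is visible in the logs rather than silent.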