author | Linus Nordberg <linus@nordberg.se> | 2013-10-03 21:13:54 +0200 |
---|---|---|
committer | Linus Nordberg <linus@nordberg.se> | 2013-10-03 21:13:54 +0200 |
commit | 787ccb8ea4a0c384749338fb4665c790c42af665 (patch) | |
tree | 3d39cd4031034781b820192bc113ccce695a8bd2 | |
parent | a6ea0fa54ab96f56333d5e660a4a7fd7c061dd3c (diff) |
Implement disable_hostname_check config option.
Patch by Sam Hartman.
-rw-r--r-- | lib/conf.c | 3 | ||||
-rw-r--r-- | lib/include/radsec/radsec-impl.h | 1 | ||||
-rw-r--r-- | lib/tls.c | 2 |
3 files changed, 6 insertions, 0 deletions
@@ -31,6 +31,7 @@
 pskhexstr = STRING # Transport pre-shared key, ASCII hex form.
 pskid = STRING
 pskex = "PSK"|"DHE_PSK"|"RSA_PSK"
+ disable_hostname_check = "yes"|"no"
 }
 # client specific realm config options
@@ -73,6 +74,7 @@ rs_context_read_config(struct rs_context *ctx, const char *config_file)
 CFG_STR ("pskhexstr", NULL, CFGF_NONE),
 CFG_STR ("pskid", NULL, CFGF_NONE),
 CFG_STR ("pskex", "PSK", CFGF_NONE),
+ CFG_BOOL ("disable_hostname_check", cfg_false, CFGF_NONE),
 CFG_SEC ("server", server_opts, CFGF_MULTI),
 CFG_END ()
 };
@@ -150,6 +152,7 @@ rs_context_read_config(struct rs_context *ctx, const char *config_file)
 r->name, typestr);
 r->timeout = cfg_getint (cfg_realm, "timeout");
 r->retries = cfg_getint (cfg_realm, "retries");
+ r->disable_hostname_check = cfg_getbool (cfg_realm, "disable_hostname_check");
 r->cacertfile = cfg_getstr (cfg_realm, "cacertfile");
 /*r->cacertpath = cfg_getstr (cfg_realm, "cacertpath");*/
diff --git a/lib/include/radsec/radsec-impl.h b/lib/include/radsec/radsec-impl.h
index e472703..0ecd631 100644
--- a/lib/include/radsec/radsec-impl.h
+++ b/lib/include/radsec/radsec-impl.h
@@ -70,6 +70,7 @@ struct rs_realm {
 char *cacertpath;
 char *certfile;
 char *certkeyfile;
+ int disable_hostname_check;
 struct rs_credentials *transport_cred;
 struct rs_peer *peers;
 struct rs_realm *next;
@@ -225,6 +225,8 @@ tls_verify_cert (struct rs_connection *conn)
 if (!success)
 success = (cnregexp (peer_cert, hostname, NULL) == 1);
+ if (conn->realm->disable_hostname_check)
+ success = 1;
 if (!success)
 err = rs_err_conn_push (conn, RSE_CERT, "server certificate doesn't "
 "match configured hostname \"%s\"", hostname); |
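Review bot: The new grammar line in the configuration-syntax comment gives the operator no hint that setting it weakens transport security, unlike the neighbouring psk lines which at least say what they are. Since this comment is the only in-tree description of the option, I would annotate it in the same style as the psk entries: `disable_hostname_check = "yes"|"no" # "yes" skips matching the server cert against hostname; insecure, debugging only`. The enclosing comment block starts and ends outside the hunk.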
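Review bot: The added struct member carries no comment, and a reader of radsec-impl.h cannot tell from the name whether a non-zero value means the check is skipped or merely relaxed, nor that it is a security-relevant switch. I would document it on the declaration line, e.g. `int disable_hostname_check; /* non-zero: accept server cert even if it does not match the configured hostname (insecure) */`. The rs_realm struct begins and ends outside the hunk.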
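Review bot: The two added lines in tls_verify_cert silently force success after the hostname match has failed, so with the option set any certificate the trusted CA has issued can impersonate the configured server and nothing in the log records that identity checking was bypassed. I would at least emit a warning through whatever logging facility lib/tls.c already uses at the point the override fires, so an operator can see a production deployment running with the check disabled, e.g. `if (conn->realm->disable_hostname_check) { /* log: hostname check disabled by realm config */ success = 1; }`. Placing the override after the matching also means the comparisons (including cnregexp) still run only to be discarded; gating the matching block itself on `!conn->realm->disable_hostname_check` would read more clearly, but the start of that block and of the function lie outside the hunk. Whether CA/chain verification still happens when the flag is set cannot be seen here; it is presumably done earlier in the function and should be confirmed and stated wherever the option is documented.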