diff options
author | venaas <venaas> | 2007-11-20 14:54:18 +0000 |
---|---|---|
committer | venaas <venaas@e88ac4ed-0b26-0410-9574-a7f39faa03bf> | 2007-11-20 14:54:18 +0000 |
commit | dcc1af59f992546b8b8e124c103cc3454f580377 (patch) | |
tree | 274842b69f1f85a792e7cbfd2294d22ef1c8fa46 | |
parent | a3ec1192ba229cb3874fe0ba2a1aa5bbd6f70592 (diff) |
now setting client_CA_list
git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@195 e88ac4ed-0b26-0410-9574-a7f39faa03bf
-rw-r--r-- | radsecproxy.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/radsecproxy.c b/radsecproxy.c index bf3d875..7a6e4c8 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -2238,6 +2238,7 @@ int tlslistener() { void tlsadd(char *value, char *cacertfile, char *cacertpath, char *certfile, char *certkeyfile, char *certkeypwd) { struct tls *new; SSL_CTX *ctx; + STACK_OF(X509_NAME) *calist; int i; unsigned long error; @@ -2280,6 +2281,24 @@ void tlsadd(char *value, char *cacertfile, char *cacertpath, char *certfile, cha debug(DBG_ERR, "SSL: %s", ERR_error_string(error, NULL)); debugx(1, DBG_ERR, "Error initialising SSL/TLS in TLS context %s", value); } + + calist = cacertfile ? SSL_load_client_CA_file(cacertfile) : NULL; + if (!cacertfile || calist) { + if (cacertpath) { + if (!calist) + calist = sk_X509_NAME_new_null(); + if (!SSL_add_dir_cert_subjects_to_stack(calist, cacertpath)) { + sk_X509_NAME_free(calist); + calist = NULL; + } + } + } + if (!calist) { + while ((error = ERR_get_error())) + debug(DBG_ERR, "SSL: %s", ERR_error_string(error, NULL)); + debugx(1, DBG_ERR, "Error adding CA subjects in TLS context %s", value); + } + SSL_CTX_set_client_CA_list(ctx, calist); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb); SSL_CTX_set_verify_depth(ctx, MAX_CERT_DEPTH + 1); |