author | Linus Nordberg <linus@nordu.net> | 2012-04-23 14:44:49 +0200 |
---|---|---|
committer | Linus Nordberg <linus@nordu.net> | 2012-04-23 14:44:49 +0200 |
commit | dcce5a04612c307453519d72f28caceb73fdab2a (patch) | |
tree | bb872e0fa9fe87556558b1dbfaf528fb10bc485b /lib/conf.c | |
parent | 4d61fddb4f7e895b8814e7d18e0276498dca9bdb (diff) |
Conditionally compile TLS-PSK code (--enable-tls-psk).
Also, allow for PSK-only configuration, i.e. don't barf on missing cert stuff.
Diffstat (limited to 'lib/conf.c')
-rw-r--r-- | lib/conf.c | 30 |
1 files changed, 23 insertions, 7 deletions
@@ -42,7 +42,7 @@
 }
 #endif
-/* FIXME: Leaking memory in error cases? */
+/* FIXME: Leaking memory in error cases. */
 int
 rs_context_read_config(struct rs_context *ctx, const char *config_file)
 {
@@ -146,8 +146,9 @@ rs_context_read_config(struct rs_context *ctx, const char *config_file)
 else if (strcmp (typestr, "DTLS") == 0)
 r->type = RS_CONN_TYPE_DTLS;
 else
- return rs_err_ctx_push_fl (ctx, RSE_CONFIG, __FILE__, __LINE__,
- "invalid connection type: %s", typestr);
+ return rs_err_ctx_push (ctx, RSE_CONFIG,
+ "%s: invalid connection type: %s",
+ r->name, typestr);
 r->timeout = cfg_getint (cfg_realm, "timeout");
 r->retries = cfg_getint (cfg_realm, "retries");
@@ -160,6 +161,7 @@ rs_context_read_config(struct rs_context *ctx, const char *config_file)
 pskhexstr = cfg_getstr (cfg_realm, "pskhexstr");
 if (pskstr || pskhexstr)
 {
+#if defined RS_ENABLE_TLS_PSK
 char *kex = cfg_getstr (cfg_realm, "pskex");
 rs_cred_type_t type = RS_CRED_NONE;
 struct rs_credentials *cred = NULL;
@@ -169,10 +171,9 @@ rs_context_read_config(struct rs_context *ctx, const char *config_file)
 type = RS_CRED_TLS_PSK;
 else
 {
- /* TODO: push a warning, using a separate warn stack or
- onto the ordinary error stack? */
- /* rs_err_ctx_push (ctx, FIXME, "%s: unsupported PSK key exchange"
- " algorithm -- PSK not used", kex);*/
+ /* TODO: push a warning on the error stack:*/
+ /*rs_err_ctx_push (ctx, RSE_WARN, "%s: unsupported PSK key exchange"
+ " algorithm -- PSK not used", kex);*/
 }
 if (type != RS_CRED_NONE)
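Review bot: The new rs_err_ctx_push call in the invalid-connection-type branch formats `r->name` with `%s`; `r->name` is assigned outside this hunk, and if it can be NULL at this point (an unnamed realm stanza, or a failed string duplication) the format call is undefined behavior instead of a clean configuration error. Passing `r->name ? r->name : "<unnamed realm>"` as the argument keeps the diagnostic well-defined, and the same applies to the `r->name` argument of the new CA/PSK check later in the file. The old call also recorded `__FILE__`/`__LINE__`; if rs_err_ctx_push does not capture a location itself, that information is lost for this error. rs_context_read_config continues on both sides of the hunk.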
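Review bot: When `pskex` names an unsupported key exchange, `type` stays RS_CRED_NONE and the realm is built without the PSK the operator configured, and because the warning push is left commented out nothing reports it; with a CA file or path also set, the realm presumably proceeds with certificate-based TLS rather than the intended PSK, with no diagnostic. The same silent drop exists in the `#else /* !RS_ENABLE_TLS_PSK */` branch of the next hunk, where a configured `pskstr`/`pskhexstr` is ignored in a build without PSK support. Until a warning severity exists, failing the configuration is the safer default, e.g. `return rs_err_ctx_push (ctx, RSE_CONFIG, "%s: unsupported PSK key exchange algorithm: %s", r->name, kex);` here and a corresponding RSE_CONFIG error in the `#else` branch. In the unsupported-kex case with no CA material, the new check's message `missing both CA file/path and PSK` is also misleading, since a PSK was given. The enclosing `if (pskstr || pskhexstr)` block starts in the previous hunk and ends in the next one.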
@@ -198,8 +199,23 @@ rs_context_read_config(struct rs_context *ctx, const char *config_file)
 r->transport_cred = cred;
 }
+#else /* !RS_ENABLE_TLS_PSK */
+ /* TODO: push a warning on the error stack: */
+ /* rs_err_ctx_push (ctx, RSE_WARN, "libradsec wasn't configured with "
+ "support for TLS preshared keys, ignoring pskstr "
+ "and pskhexstr");*/
+#endif /* RS_ENABLE_TLS_PSK */
 }
+ /* For TLS and DTLS realms, validate that we either have (i) CA
+ cert file or path or (ii) PSK. */
+ if ((r->type == RS_CONN_TYPE_TLS || r->type == RS_CONN_TYPE_DTLS)
+ && (r->cacertfile == NULL && r->cacertpath == NULL)
+ && r->transport_cred == NULL)
+ return rs_err_ctx_push (ctx, RSE_CONFIG,
+ "%s: missing both CA file/path and PSK",
+ r->name);
+
 /* Add peers, one per server stanza. */
 for (j = 0; j < cfg_size (cfg_realm, "server"); j++)
 { |