pt-tls-server: Explicitly request client authentication if necessary
The PT_TLS_AUTH_TLS_OR_SASL case currently can't be implemented properly as TLS authentication will be enforced if a client identity is configured on the TLS server socket.
This commit is contained in:
parent
4b7cfb252e
commit
602947d48a
|
@ -524,6 +524,18 @@ pt_tls_server_t *pt_tls_server_create(identification_t *server, int fd,
|
|||
pt_tls_auth_t auth, tnccs_t *tnccs)
|
||||
{
|
||||
private_pt_tls_server_t *this;
|
||||
identification_t *client = NULL;
|
||||
|
||||
switch (auth)
|
||||
{
|
||||
case PT_TLS_AUTH_TLS:
|
||||
case PT_TLS_AUTH_TLS_OR_SASL:
|
||||
case PT_TLS_AUTH_TLS_AND_SASL:
|
||||
client = identification_create_from_encoding(ID_ANY, chunk_empty);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
|
@ -532,12 +544,14 @@ pt_tls_server_t *pt_tls_server_create(identification_t *server, int fd,
|
|||
.destroy = _destroy,
|
||||
},
|
||||
.state = PT_TLS_SERVER_VERSION,
|
||||
.tls = tls_socket_create(TRUE, server, NULL, fd, NULL, TLS_UNSPEC,
|
||||
.tls = tls_socket_create(TRUE, server, client, fd, NULL, TLS_UNSPEC,
|
||||
TLS_UNSPEC, FALSE),
|
||||
.tnccs = (tls_t*)tnccs,
|
||||
.auth = auth,
|
||||
);
|
||||
|
||||
DESTROY_IF(client);
|
||||
|
||||
if (!this->tls)
|
||||
{
|
||||
this->tnccs->destroy(this->tnccs);
|
||||
|
|
Loading…
Reference in New Issue