pt-tls-server: Explicitly request client authentication if necessary

The PT_TLS_AUTH_TLS_OR_SASL case currently can't be implemented properly,
because TLS authentication is enforced whenever a client identity is
configured on the TLS server socket.
Tobias Brunner 2021-02-18 12:34:29 +01:00
parent 4b7cfb252e
commit 602947d48a
1 changed files with 15 additions and 1 deletions


@ -524,6 +524,18 @@ pt_tls_server_t *pt_tls_server_create(identification_t *server, int fd,
pt_tls_auth_t auth, tnccs_t *tnccs) pt_tls_auth_t auth, tnccs_t *tnccs)
{ {
private_pt_tls_server_t *this; private_pt_tls_server_t *this;
identification_t *client = NULL;
switch (auth)
{
case PT_TLS_AUTH_TLS:
case PT_TLS_AUTH_TLS_OR_SASL:
case PT_TLS_AUTH_TLS_AND_SASL:
client = identification_create_from_encoding(ID_ANY, chunk_empty);
break;
default:
break;
}
INIT(this, INIT(this,
.public = { .public = {
@ -532,12 +544,14 @@ pt_tls_server_t *pt_tls_server_create(identification_t *server, int fd,
.destroy = _destroy, .destroy = _destroy,
}, },
.state = PT_TLS_SERVER_VERSION, .state = PT_TLS_SERVER_VERSION,
.tls = tls_socket_create(TRUE, server, NULL, fd, NULL, TLS_UNSPEC, .tls = tls_socket_create(TRUE, server, client, fd, NULL, TLS_UNSPEC,
TLS_UNSPEC, FALSE), TLS_UNSPEC, FALSE),
.tnccs = (tls_t*)tnccs, .tnccs = (tls_t*)tnccs,
.auth = auth, .auth = auth,
); );
DESTROY_IF(client);
if (!this->tls) if (!this->tls)
{ {
this->tnccs->destroy(this->tnccs); this->tnccs->destroy(this->tnccs);