author | Rainer Gerhards <rgerhards@adiscon.com> | 2008-05-19 18:52:44 +0200 |
---|---|---|
committer | Rainer Gerhards <rgerhards@adiscon.com> | 2008-05-19 18:52:44 +0200 |
commit | 85b587f93d7f1294fae78317c0841a30aaa03583 (patch) | |
tree | fcfcf000d37b873cf385782fe8c411fb21f1b1c0 /runtime/netstrm.c | |
parent | 48684ceac5d57f2c3bc9e8afce98d2026ab51958 (diff) | |
first implementation of TLS server client authentication check
The TLS server now checks the client fingerprint. This works, but
is highly experimental. Needs to be refined for practice. Also:
- implemented permittedPeers helper construct to store names
- changed omfwd implementation to use new permittedPeers
Diffstat (limited to 'runtime/netstrm.c')
-rw-r--r-- | runtime/netstrm.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/runtime/netstrm.c b/runtime/netstrm.c
index 899cb3bf..786ba7f8 100644
--- a/runtime/netstrm.c
+++ b/runtime/netstrm.c
@@ -43,6 +43,7 @@
 #include <string.h>
 #include "rsyslog.h"
+#include "net.h"
 #include "module-template.h"
 #include "obj.h"
 #include "errmsg.h"
@@ -202,20 +203,21 @@ SetDrvrAuthMode(netstrm_t *pThis, uchar *mode)
 }
-/* add an accepted fingerprint -- rgerhards, 2008-05-16
- */
+/* set the driver's permitted peers -- rgerhards, 2008-05-19 */
 static rsRetVal
-AddDrvrPermittedFingerprint(netstrm_t *pThis, uchar *fingerprint)
+SetDrvrPermPeers(netstrm_t *pThis, permittedPeers_t *pPermPeers)
 {
 DEFiRet;
 ISOBJ_TYPE_assert(pThis, netstrm);
- iRet = pThis->Drvr.AddPermFingerprint(pThis->pDrvrData, fingerprint);
+ iRet = pThis->Drvr.SetPermPeers(pThis->pDrvrData, pPermPeers);
 RETiRet;
 }
+
 /* End of methods to shuffle autentication settings to the driver.
 * -------------------------------------------------------------------------- */
+
 /* send a buffer. On entry, pLenBuf contains the number of octets to
 * write. On exit, it contains the number of octets actually written.
 * If this number is lower than on entry, only a partial buffer has
@@ -311,7 +313,7 @@ CODESTARTobjQueryInterface(netstrm)
 pIf->GetRemoteIP = GetRemoteIP;
 pIf->SetDrvrMode = SetDrvrMode;
 pIf->SetDrvrAuthMode = SetDrvrAuthMode;
- pIf->AddDrvrPermittedFingerprint = AddDrvrPermittedFingerprint;
+ pIf->SetDrvrPermPeers = SetDrvrPermPeers;
 pIf->GetSock = GetSock;
 finalize_it:
 ENDobjQueryInterface(netstrm) |
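Review bot: SetDrvrPermPeers in the second hunk passes `pPermPeers` straight to `pThis->Drvr.SetPermPeers` without stating who owns the list or what a NULL or empty list means, and both matter for a list that decides which TLS peers are accepted. If the driver keeps the pointer rather than copying it (not visible in this hunk), a caller that frees or edits the list later changes or invalidates what the peer check compares against. If NULL is treated as "no restriction", a configuration mistake would fail open instead of rejecting the connection. The move from Add to Set also suggests the new call replaces any earlier list rather than appending, which callers should be told. I would extend the one-line header comment to something like `/* set the driver's permitted peers; replaces any earlier list, caller retains ownership and must keep it valid while the stream is in use; NULL means <state policy> */`, worded to match what the driver actually does.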