authorRainer Gerhards <rgerhards@adiscon.com>2008-05-19 18:52:44 +0200
committerRainer Gerhards <rgerhards@adiscon.com>2008-05-19 18:52:44 +0200
commit85b587f93d7f1294fae78317c0841a30aaa03583 (patch)
treefcfcf000d37b873cf385782fe8c411fb21f1b1c0 /runtime/nsdsel_gtls.c
parent48684ceac5d57f2c3bc9e8afce98d2026ab51958 (diff)
first implementation of TLS server client authentication check
The TLS server now checks the client fingerprint. This works, but is highly experimental and needs to be refined for practical use. Also: - implemented the permittedPeers helper construct to store names - changed the omfwd implementation to use the new permittedPeers
Diffstat (limited to 'runtime/nsdsel_gtls.c')
-rw-r--r--runtime/nsdsel_gtls.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/runtime/nsdsel_gtls.c b/runtime/nsdsel_gtls.c
index e54693dc..082a044b 100644
--- a/runtime/nsdsel_gtls.c
+++ b/runtime/nsdsel_gtls.c
@@ -128,12 +128,10 @@ doRetry(nsd_gtls_t *pNsd)
switch(pNsd->rtryCall) {
case gtlsRtry_handshake:
gnuRet = gnutls_handshake(pNsd->sess);
- dbgprintf("handshake ret %d\n", gnuRet);
if(gnuRet == 0) {
+ pNsd->rtryCall = gtlsRtry_None; /* we are done */
/* we got a handshake, now check authorization */
- // TODO: do it!
- dbgprintf("handshake done\n");
- gtlsChkFingerprint(pNsd);
+ CHKiRet(gtlsChkFingerprint(pNsd));
}
break;
default:
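Review bot: `pNsd->rtryCall = gtlsRtry_None;` is cleared before `CHKiRet(gtlsChkFingerprint(pNsd));` runs, so a rejected client fingerprint leaves no retry state and jumps straight to finalize_it; that is the right one-shot behaviour for an authorization failure, but nothing in the branch says so, and a later reader may be tempted to move the reset after the check. I would document it on the reset line: `pNsd->rtryCall = gtlsRtry_None; /* done retrying; an authorization failure below is final and finalize_it requests the abort */`. The non-zero gnuRet path of this case does not distinguish a fatal handshake error from a would-block return inside the hunk; if that distinction is made elsewhere in doRetry it is outside this hunk, and the function's signature and the rest of its body are as well.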
@@ -157,6 +155,9 @@ doRetry(nsd_gtls_t *pNsd)
*/
finalize_it:
+ if(iRet != RS_RET_OK)
+ pNsd->bAbortConn = 1; /* request abort */
+RUNLOG_VAR("%d", pNsd->bAbortConn);
RETiRet;
}
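Review bot: `RUNLOG_VAR("%d", pNsd->bAbortConn);` is an unindented debug trace that fires on every pass through finalize_it, including the successful ones; it reads as leftover instrumentation and should be dropped before this ships, or at least indented with the function body. The abort request should also be braced to match the `if(gnuRet == 0) {` style used earlier in the function: `if(iRet != RS_RET_OK) {` / `pNsd->bAbortConn = 1; /* request abort */` / `}`. bAbortConn is only a request flag here; the code that honours it is not in this hunk, so it is worth confirming that a failed fingerprint check cannot be followed by a read on the session before the flag is acted on.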