From 6ea98ec5fff21c362e28a0121b78b8e6bb3b2528 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Fri, 16 May 2008 18:26:25 +0200 Subject: added first rough ability to authenticate the server against its certificate This is very experimental and needs some more work. It probably even segfaults - but the base code is there and running. The rest is refinement. While working on this, I did these two bugfixes: - bugfix: small mem leak in omfwd on exit (strmdriver name was not freed) - bugfix: $ActionSendStreamDriver had no effect --- runtime/nsd_gtls.h | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'runtime/nsd_gtls.h') diff --git a/runtime/nsd_gtls.h b/runtime/nsd_gtls.h index bbb0eb9e..885a8b30 100644 --- a/runtime/nsd_gtls.h +++ b/runtime/nsd_gtls.h @@ -38,11 +38,17 @@ struct nsd_gtls_s { BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */ nsd_t *pTcp; /**< our aggregated nsd_ptcp data */ int iMode; /* 0 - plain tcp, 1 - TLS */ + enum { + GTLS_AUTH_CERTNAME = 0, + GTLS_AUTH_CERTFINGERPRINT = 1, + GTLS_AUTH_CERTANON = 2 + } authMode; gtlsRtryCall_t rtryCall;/**< what must we retry? */ int bIsInitiator; /**< 0 if socket is the server end (listener), 1 if it is the initiator */ gnutls_session sess; int bHaveSess; /* as we don't know exactly which gnutls_session values are invalid, we use this one to flag whether or not we are in a session (same as -1 for a socket meaning no sess) */ + uchar *authIDs; /* TODO: make linked list, currently just a single fingerprint, must also support names */ }; /* interface is defined in nsd.h, we just implement it! */ -- cgit