};
struct sslport {
- int fd;
- int sport;
+ int fd, sport, clreq;
gnutls_certificate_credentials_t creds;
gnutls_priority_t ciphers;
struct namedcreds **ncreds;
for(u = 0; pd->ncreds[o]->names[u] != NULL; u++) {
if(!strcmp(pd->ncreds[o]->names[u], nambuf)) {
gnutls_credentials_set(sess, GNUTLS_CRD_CERTIFICATE, pd->ncreds[o]->creds);
- gnutls_certificate_server_set_request(sess, GNUTLS_CERT_REQUEST);
+ if(pd->clreq)
+ gnutls_certificate_server_set_request(sess, GNUTLS_CERT_REQUEST);
return(0);
}
}
}
}
gnutls_credentials_set(sess, GNUTLS_CRD_CERTIFICATE, pd->creds);
- gnutls_certificate_server_set_request(sess, GNUTLS_CERT_REQUEST);
+ if(pd->clreq)
+ gnutls_certificate_server_set_request(sess, GNUTLS_CERT_REQUEST);
return(0);
}
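Review bot: The named-credentials branch gates the request on the port-wide `pd->clreq`, but the credentials it installs are `pd->ncreds[o]->creds`, not `pd->creds`. Whether those per-name credentials carry the same trust list and CRL is not visible here; if they do not, a certificate requested under an SNI-selected name would be checked against an empty trust store, so this is worth confirming or tracking per `struct namedcreds`. Separately, `GNUTLS_CERT_REQUEST` makes the client certificate optional, so a completed handshake does not show that one was presented. I would add above each call `/* optional request only: the peer certificate must still be verified before it is trusted */`. The enclosing function begins before this hunk.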
void handlegnussl(int argc, char **argp, char **argv)
{
- int i, ret, port, fd;
+ int i, ret, port, fd, clreq;
gnutls_certificate_credentials_t creds;
gnutls_priority_t ciphers;
gnutls_x509_privkey_t defkey;
init();
port = 443;
+ clreq = 0;
bufinit(ncreds);
bufinit(ncertf);
bufinit(ncertd);
exit(1);
}
}
+ clreq = 1;
} else if(!strcmp(argp[i], "crl")) {
if((ret = gnutls_certificate_set_x509_crl_file(creds, argv[i], GNUTLS_X509_FMT_PEM)) != 0) {
flog(LOG_ERR, "ssl: could not load CRL file `%s': %s", argv[i], gnutls_strerror(ret));
exit(1);
}
}
+ clreq = 1;
} else if(!strcmp(argp[i], "port")) {
port = atoi(argv[i]);
} else if(!strcmp(argp[i], "ncert")) {
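Review bot: Setting `clreq = 1` in the `crl` branch turns on client-certificate requests when only a revocation list has been loaded. A CRL carries no trust anchors, so with `crl` and no trust option the server would ask for certificates it has no CA to validate against. I would set the flag only where trust anchors are loaded (presumably the branch that ends just above `crl`, whose start is outside this hunk), or log a startup warning when a CRL is configured without any. If the current behaviour is intended, a comment such as `/* a CRL implies client certificates are expected */` would make that explicit.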
omalloc(pd);
pd->fd = fd;
pd->sport = port;
+ pd->clreq = clreq;
pd->creds = creds;
pd->ncreds = ncreds.b;
pd->ciphers = ciphers;