author | Martin Willi <martin@revosec.ch> | 2011-04-14 20:00:54 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2011-04-14 20:02:12 +0200 |
commit | 2db8b58f6286dc9fe3a897f7a1fbee6ef2293bee (patch) | |
tree | 0493504b5b05d317242cf801eb499986f069630d | |
parent | 6a8f1a578fc9841309fee355b8c934dc454b6901 (diff) | |
Continue without client authentication if no matching certificate found
-rw-r--r-- | src/libtls/tls_peer.c | 41 |
1 files changed, 22 insertions, 19 deletions
diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c
index 8efc394f5..621f1729d 100644
--- a/src/libtls/tls_peer.c
+++ b/src/libtls/tls_peer.c
@@ -817,39 +817,42 @@ static status_t send_certificate(private_tls_peer_t *this,
 this->private = find_private_key(this);
 if (!this->private)
 {
- DBG1(DBG_TLS, "no TLS peer certificate found for '%Y'", this->peer);
- this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
- return NEED_MORE;
+ DBG1(DBG_TLS, "no TLS peer certificate found for '%Y', "
+ "skipping client authentication", this->peer);
+ this->peer = NULL;
 }
 /* generate certificate payload */
 certs = tls_writer_create(256);
- cert = this->peer_auth->get(this->peer_auth, AUTH_RULE_SUBJECT_CERT);
- if (cert)
- {
- if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
- {
- DBG1(DBG_TLS, "sending TLS peer certificate '%Y'",
- cert->get_subject(cert));
- certs->write_data24(certs, data);
- free(data.ptr);
- }
- }
- enumerator = this->peer_auth->create_enumerator(this->peer_auth);
- while (enumerator->enumerate(enumerator, &rule, &cert))
+ if (this->peer)
 {
- if (rule == AUTH_RULE_IM_CERT)
+ cert = this->peer_auth->get(this->peer_auth, AUTH_RULE_SUBJECT_CERT);
+ if (cert)
 {
 if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
 {
- DBG1(DBG_TLS, "sending TLS intermediate certificate '%Y'",
+ DBG1(DBG_TLS, "sending TLS peer certificate '%Y'",
 cert->get_subject(cert));
 certs->write_data24(certs, data);
 free(data.ptr);
 }
 }
+ enumerator = this->peer_auth->create_enumerator(this->peer_auth);
+ while (enumerator->enumerate(enumerator, &rule, &cert))
+ {
+ if (rule == AUTH_RULE_IM_CERT)
+ {
+ if (cert->get_encoding(cert, CERT_ASN1_DER, &data))
+ {
+ DBG1(DBG_TLS, "sending TLS intermediate certificate '%Y'",
+ cert->get_subject(cert));
+ certs->write_data24(certs, data);
+ free(data.ptr);
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
 }
- enumerator->destroy(enumerator);
 writer->write_data24(writer, certs->get_buf(certs));
 certs->destroy(certs); |