aboutsummaryrefslogtreecommitdiffstats
path: root/src/libtls/tls_peer.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libtls/tls_peer.c')
-rw-r--r--src/libtls/tls_peer.c23
1 files changed, 21 insertions, 2 deletions
diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c
index 622df4035..b429da300 100644
--- a/src/libtls/tls_peer.c
+++ b/src/libtls/tls_peer.c
@@ -665,6 +665,8 @@ METHOD(tls_handshake_t, process, status_t,
{
return process_certreq(this, reader);
}
+ /* no cert request, server does not want to authenticate us */
+ DESTROY_IF(this->peer);
this->peer = NULL;
/* fall through since TLS_CERTIFICATE_REQUEST is optional */
case STATE_CERTREQ_RECEIVED:
@@ -850,6 +852,7 @@ static status_t send_certificate(private_tls_peer_t *this,
{
DBG1(DBG_TLS, "no TLS peer certificate found for '%Y', "
"skipping client authentication", this->peer);
+ this->peer->destroy(this->peer);
this->peer = NULL;
}
@@ -1132,11 +1135,25 @@ METHOD(tls_handshake_t, finished, bool,
return this->state == STATE_FINISHED_RECEIVED;
}
+METHOD(tls_handshake_t, get_peer_id, identification_t*,
+ private_tls_peer_t *this)
+{
+ return this->peer;
+}
+
+METHOD(tls_handshake_t, get_server_id, identification_t*,
+ private_tls_peer_t *this)
+{
+ return this->server;
+}
+
METHOD(tls_handshake_t, destroy, void,
private_tls_peer_t *this)
{
DESTROY_IF(this->private);
DESTROY_IF(this->dh);
+ DESTROY_IF(this->peer);
+ this->server->destroy(this->server);
this->peer_auth->destroy(this->peer_auth);
this->server_auth->destroy(this->server_auth);
free(this->hashsig.ptr);
@@ -1161,6 +1178,8 @@ tls_peer_t *tls_peer_create(tls_t *tls, tls_crypto_t *crypto, tls_alert_t *alert
.cipherspec_changed = _cipherspec_changed,
.change_cipherspec = _change_cipherspec,
.finished = _finished,
+ .get_peer_id = _get_peer_id,
+ .get_server_id = _get_server_id,
.destroy = _destroy,
},
},
@@ -1168,8 +1187,8 @@ tls_peer_t *tls_peer_create(tls_t *tls, tls_crypto_t *crypto, tls_alert_t *alert
.tls = tls,
.crypto = crypto,
.alert = alert,
- .peer = peer,
- .server = server,
+ .peer = peer ? peer->clone(peer) : NULL,
+ .server = server->clone(server),
.peer_auth = auth_cfg_create(),
.server_auth = auth_cfg_create(),
);