diff libfdcore/p_cnx.c @ 1155:d00b5914351e
Allow running freeDiameter without TLS credentials if the following conditions are verified:
- The Secure Diameter port is disabled (SecPort = 0;)
- The old TLS mechanism is not used (TLS_old_method; not defined)
Note that in this context only connections to peers explicitly authorized for 'No_TLS' are
permitted.
author | Sebastien Decugis <sdecugis@freediameter.net> |
---|---|
date | Tue, 28 May 2013 12:11:27 +0800 |
parents | 140450615773 |
children | 22de21feec64 |
--- a/libfdcore/p_cnx.c Mon May 27 17:22:40 2013 +0800 +++ b/libfdcore/p_cnx.c Tue May 28 12:11:27 2013 +0800 @@ -128,6 +128,14 @@ return 0; } + /* Check if we are able to communicate with this peer */ + if (fd_g_config->cnf_sec_data.tls_disabled && ( peer->p_hdr.info.config.pic_flags.sec != PI_SEC_NONE)) { + LOG_E("Peer '%s' not configured for No_TLS and TLS is locally disabled; giving up connection attempts", + peer->p_hdr.info.pi_diamid); + fd_psm_terminate( peer, NULL ); + return 0; + } + /* Cleanup any previous list */ empty_connection_list(peer);
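Review bot: In the added block, the result of `fd_psm_terminate( peer, NULL )` is discarded and the function then returns 0, the same value as the `return 0;` in the context just above, so a caller cannot tell a policy refusal from the ordinary early exit, and a failure while terminating the peer would go unnoticed. Consider checking that call's result and propagating an error, or at least stating in the comment that 0 here means the peer has been abandoned on purpose. The condition itself fails closed, since any `pic_flags.sec` value other than `PI_SEC_NONE` is refused when `tls_disabled` is set, which matches the commit message; the comment "Check if we are able to communicate with this peer" would be more useful if it named that rule (TLS locally disabled, peer not marked No_TLS). Passing NULL as the second argument also leaves the termination without a stated reason, where a short reason string would help anyone reading the peer state later.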