Changeset 1155:d00b5914351e in freeDiameter for libfdcore/p_ce.c
- Timestamp:
- May 28, 2013, 1:11:27 PM (11 years ago)
- Branch:
- default
- Phase:
- public
- File:
-
- 1 edited
libfdcore/p_ce.c
r1127 r1155 596 596 if (!fd_cnx_getTLS(cnx)) { 597 597 isi_none = peer->p_hdr.info.config.pic_flags.sec & PI_SEC_NONE; /* we add it even if the peer does not use the old mechanism, it is impossible to distinguish */ 598 isi_tls = peer->p_hdr.info.config.pic_flags.sec & PI_SEC_TLS_OLD; 598 599 if (peer->p_hdr.info.config.pic_flags.sec & PI_SEC_TLS_OLD) { 600 if (fd_g_config->cnf_sec_data.tls_disabled) { 601 LOG_N("TLS disabled locally, so Inband-Security-Id (TLS) not included for peer %s", peer->p_hdr.info.pi_diamid); 602 } else { 603 isi_tls = 1; 604 } 605 } 599 606 } 600 607 … … 771 778 TRACE_DEBUG(INFO, "No TLS protection negotiated with peer '%s'.", peer->p_hdr.info.pi_diamid); 772 779 CHECK_FCT( fd_cnx_start_clear(peer->p_cnxctx, 1) ); 780 781 } else if (fd_g_config->cnf_sec_data.tls_disabled) { 782 LOG_E("Clear connection with remote peer '%s' is not (explicitly) allowed, and TLS is disabled. Giving up...", peer->p_hdr.info.pi_diamid); 783 fd_hook_call(HOOK_PEER_CONNECT_FAILED, NULL, peer, "TLS is disabled and peer is not configured for IPsec", NULL); 784 goto cleanup; 785 773 786 } else { 774 775 787 fd_psm_change_state(peer, STATE_OPEN_HANDSHAKE); 776 788 CHECK_FCT_DO( fd_cnx_handshake(peer->p_cnxctx, GNUTLS_CLIENT, peer->p_hdr.info.config.pic_priority, NULL), … … 900 912 /* We have allowed IPsec */ 901 913 isi = PI_SEC_NONE; 914 } else if (fd_g_config->cnf_sec_data.tls_disabled) { 915 /* We can agree on TLS */ 916 TRACE_DEBUG(INFO, "Remote peer is not allowed for IPsec and TLS is disabled.");; 902 917 } else if (peer->p_hdr.info.runtime.pir_isi & PI_SEC_TLS_OLD) { 903 918 /* We can agree on TLS */
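Review bot: In the last hunk (new lines 914–916) the added `else if (fd_g_config->cnf_sec_data.tls_disabled)` branch carries the comment `/* We can agree on TLS */`, copied from the branch below it, although this is the path where no security mechanism can be agreed with the peer. Replace it with something like `/* TLS disabled locally and IPsec not allowed for this peer: isi is left unset */`, and drop the stray second `;` after the TRACE_DEBUG call. The branch also reports the refusal only at debug level and without the peer identity, whereas the initiator-side hunk (new lines 781–784) uses LOG_E with `peer->p_hdr.info.pi_diamid`; logging it the same way would make refused peers visible to operators. The enclosing function continues outside the hunk, so what happens when `isi` is not assigned cannot be seen here and should be confirmed to reject the connection rather than proceed unprotected.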