Navigation

Changeset 1155:d00b5914351e in freeDiameter for libfdcore/p_cnx.c


Ignore:
Timestamp:
May 28, 2013, 1:11:27 PM (11 years ago)
Author:
Sebastien Decugis <sdecugis@freediameter.net>
Branch:
default
Phase:
public
Message:

Allow running freeDiameter without TLS credentials if the following conditions are verified:

  • The Secure Diameter port is disabled (SecPort? = 0;)
  • The old TLS mechanism is not used (TLS_old_method; not defined)

Note that in this context only connections to peers explicitely authorized for 'No_TLS' are
permitted.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • libfdcore/p_cnx.c

    r1136 r1155  
    129129        }
    130130       
     131        /* Check if we are able to communicate with this peer */
     132        if (fd_g_config->cnf_sec_data.tls_disabled && ( peer->p_hdr.info.config.pic_flags.sec != PI_SEC_NONE)) {
     133                LOG_E("Peer '%s' not configured for No_TLS and TLS is locally disabled; giving up connection attempts",
     134                                        peer->p_hdr.info.pi_diamid);
     135                fd_psm_terminate( peer, NULL );
     136                return 0;
     137        }
     138       
    131139        /* Cleanup any previous list */
    132140        empty_connection_list(peer);
Note: See TracChangeset for help on using the changeset viewer.