Changeset 565:64e55fc10ab3 in freeDiameter for extensions/app_diameap/plugins/eap_tls/eap_tls.c
- Timestamp:
- Sep 27, 2010, 4:39:14 PM (14 years ago)
- Branch:
- default
- Phase:
- public
- File:
-
- 1 edited
extensions/app_diameap/plugins/eap_tls/eap_tls.c
r425 r565 70 70 tls_global_conf.cafile = NULL; 71 71 tls_global_conf.crlfile = NULL; 72 tls_global_conf.check_cert_cn_username = FALSE; 72 73 73 74 /*Parse EAP TLS configuration file */ … … 185 186 data->state = SUCCESS; 186 187 smd->user.success = TRUE; 188 189 if(tls_global_conf.check_cert_cn_username == TRUE){ 190 unsigned int list_size; 191 const gnutls_datum_t * list = gnutls_certificate_get_peers (data->session, &list_size); 192 if(list_size<1){ 193 goto failure; 194 } 195 196 gnutls_x509_crt_t cert; 197 198 CHECK_GNUTLS_DO(gnutls_x509_crt_init(&cert),{ 199 TRACE_DEBUG(NONE,"%s[EAP TLS plugin] [GnuTLS] error in initialization crt init",DIAMEAP_EXTENSION); 200 goto failure;}); 201 202 CHECK_GNUTLS_DO(gnutls_x509_crt_import(cert, &list[0], GNUTLS_X509_FMT_DER), { 203 TRACE_DEBUG(NONE,"%s[EAP TLS plugin] [GnuTLS] error parsing certificate",DIAMEAP_EXTENSION); 204 goto failure;}); 205 206 void * buff; 207 size_t size_buffer; 208 int ret; 209 ret = gnutls_x509_crt_get_dn_by_oid(cert,GNUTLS_OID_X520_COMMON_NAME,0,0,NULL,&size_buffer); 210 if( ret != GNUTLS_E_SHORT_MEMORY_BUFFER){ 211 CHECK_GNUTLS_DO(ret,{ 212 TRACE_DEBUG(NONE,"%s[EAP TLS plugin] [GnuTLS] error get dn by oid",DIAMEAP_EXTENSION); 213 goto failure;}); 214 } 215 216 CHECK_MALLOC_DO(buff=malloc(size_buffer), goto failure); 217 218 CHECK_GNUTLS_DO(gnutls_x509_crt_get_dn_by_oid(cert,GNUTLS_OID_X520_COMMON_NAME,0,0,buff,&size_buffer),{ 219 TRACE_DEBUG(NONE,"%s[EAP TLS plugin] [GnuTLS] error get dn by oid",DIAMEAP_EXTENSION); 220 goto failure;}); 221 222 if(strcmp((char *)smd->user.userid,buff)!=0){ 223 goto failure; 224 } 225 226 gnutls_x509_crt_deinit(cert); 227 goto next; 228 229 failure: 230 TRACE_DEBUG(NONE,"%s[EAP TLS plugin] Checking failed. 
certificate's CN does not match User_Name AVP value.",DIAMEAP_EXTENSION); 231 data->state = FAILURE; 232 smd->user.success = FALSE; 233 gnutls_x509_crt_deinit(cert); 234 } 235 236 next: 187 237 smd->methodData = (struct tls_data*) data; 188 238 return 0; 239 189 240 } 190 241
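Review bot: The `failure:` label calls `gnutls_x509_crt_deinit(cert)` even when the jump comes from the `list_size<1` check or from a failed `gnutls_x509_crt_init`, where `cert` has not been initialised yet, and the `buff` obtained from `malloc(size_buffer)` is never freed on either the success or the failure path, so every CN-checked EAP-TLS session leaks it. Declare `cert` and `buff` at the top of the block initialised to NULL, free `buff` on both paths and deinit `cert` only once it has been set; `gnutls_certificate_get_peers` can also return NULL, in which case I would not rely on `list_size` having been written, so test the pointer as well. Separately, `strcmp` stops at the first NUL byte, so a CN carrying an embedded NUL would match on its prefix; comparing `strlen(buff)` with the length GnuTLS reported would close that, though the risk is presumably bounded by the certificate already having been validated against the configured CA. The enclosing function begins before this hunk.
```c
if(tls_global_conf.check_cert_cn_username == TRUE){
	unsigned int list_size = 0;
	gnutls_x509_crt_t cert = NULL;	/* stays NULL until crt_init succeeds, so the failure path never deinits garbage */
	void * buff = NULL;		/* freed on both paths below */
	const gnutls_datum_t * list = gnutls_certificate_get_peers (data->session, &list_size);
	if(list == NULL || list_size<1){
		goto failure;
	}
	/* … unchanged: crt_init, crt_import, size query, malloc, get_dn_by_oid … */
	if(strcmp((char *)smd->user.userid,buff)!=0){
		goto failure;
	}
	free(buff);
	gnutls_x509_crt_deinit(cert);
	goto next;

failure:
	/* … unchanged: TRACE_DEBUG, data->state = FAILURE, smd->user.success = FALSE … */
	free(buff);
	if(cert != NULL){
		gnutls_x509_crt_deinit(cert);
	}
}
```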