};
struct sslport {
- int fd;
- int sport;
+ int fd, sport, clreq;
gnutls_certificate_credentials_t creds;
gnutls_priority_t ciphers;
struct namedcreds **ncreds;
for(u = 0; pd->ncreds[o]->names[u] != NULL; u++) {
if(!strcmp(pd->ncreds[o]->names[u], nambuf)) {
gnutls_credentials_set(sess, GNUTLS_CRD_CERTIFICATE, pd->ncreds[o]->creds);
- gnutls_certificate_server_set_request(sess, GNUTLS_CERT_REQUEST);
+ if(pd->clreq)
+ gnutls_certificate_server_set_request(sess, GNUTLS_CERT_REQUEST);
return(0);
}
}
}
}
gnutls_credentials_set(sess, GNUTLS_CRD_CERTIFICATE, pd->creds);
- gnutls_certificate_server_set_request(sess, GNUTLS_CERT_REQUEST);
+ if(pd->clreq)
+ gnutls_certificate_server_set_request(sess, GNUTLS_CERT_REQUEST);
return(0);
}
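Review bot: `GNUTLS_CERT_REQUEST` only asks for a client certificate, so even with `pd->clreq` set the handshake completes when the client presents none, and nothing in this hunk shows where a presented certificate is verified. Both new `if(pd->clreq)` sites would benefit from a comment making that explicit, for example `/* Request (not require) a client cert only when client-auth material was configured; the peer still has to be verified after the handshake. */`. The enclosing callback starts outside the hunk, so the verification step may well exist elsewhere; if it does, the comment should say where.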
for(i = 0, p = NULL; i < sizeof(headers) / sizeof(*headers); i++) {
f = memmem(pem->b, pem->d, headers[i], strlen(headers[i]));
- if((p == NULL) || (f < p))
+ if((f != NULL) && ((p == NULL) || (f < p)))
p = f;
}
if(p == NULL)
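Review bot: The new `f != NULL` guard is easy to read as redundant, and the identical guard in the following `p2` loop has the same problem, so both loops need a short comment recording why it is there. Without it, a `memmem()` miss for a later header compares as lower than the current match and discards it. I would add above the `if` in each loop: `/* memmem() returns NULL for an absent header; skip it so a miss never replaces an earlier match. */`.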
bufadd(*ret, crt);
for(i = 0, p2 = NULL; i < sizeof(headers) / sizeof(*headers); i++) {
f = memmem(p + 1, pem->d - (p + 1 - pem->b), headers[i], strlen(headers[i]));
- if((p2 == NULL) || (f < p2))
+ if((f != NULL) && ((p2 == NULL) || (f < p2)))
p2 = f;
}
} while((p = p2) != NULL);
void handlegnussl(int argc, char **argp, char **argv)
{
- int i, ret, port, fd;
+ int i, ret, port, fd, clreq;
gnutls_certificate_credentials_t creds;
gnutls_priority_t ciphers;
gnutls_x509_privkey_t defkey;
init();
port = 443;
+ clreq = 0;
bufinit(ncreds);
bufinit(ncertf);
bufinit(ncertd);
exit(1);
}
}
+ clreq = 1;
} else if(!strcmp(argp[i], "crl")) {
if((ret = gnutls_certificate_set_x509_crl_file(creds, argv[i], GNUTLS_X509_FMT_PEM)) != 0) {
flog(LOG_ERR, "ssl: could not load CRL file `%s': %s", argv[i], gnutls_strerror(ret));
exit(1);
}
}
+ clreq = 1;
} else if(!strcmp(argp[i], "port")) {
port = atoi(argv[i]);
} else if(!strcmp(argp[i], "ncert")) {
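Review bot: The `clreq = 1;` added at the end of the `crl` branch turns on the client-certificate request even when no trust anchors were configured. A CRL on its own gives the server nothing to validate a presented chain against, so a client certificate would be requested that cannot be meaningfully checked. Consider setting the flag only in the branch that loads trust anchors (presumably the one ending just above, whose `strcmp` is outside this hunk), or keep it and add a comment such as `/* a CRL implies client certificates are expected; trust anchors must be configured separately */`.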
omalloc(pd);
pd->fd = fd;
pd->sport = port;
+ pd->clreq = clreq;
pd->creds = creds;
pd->ncreds = ncreds.b;
pd->ciphers = ciphers;