Disable DTLS-PSK protocol when run under a unix socket

It is not possible to derive PSK keys when only the TCP CSTP session
is available, without the TLS session.

Relates #22

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Nikos Mavrogiannopoulos
2017-03-20 09:24:29 +01:00
parent 409f114d9e
commit 9938056f6c
2 changed files with 8 additions and 1 deletions


@@ -839,6 +839,13 @@ size_t urlfw_size = 0;
}
READ_TF("dtls-psk", config->dtls_psk, 1);
if (perm_config->unix_conn_file) {
if (config->dtls_psk) {
fprintf(stderr, NOTESTR"'dtls-psk' cannot be combined with unix socket file\n");
}
config->dtls_psk = 0;
}
READ_TF("match-tls-dtls-ciphers", config->match_dtls_and_tls, 0);
if (config->match_dtls_and_tls) {
if (config->dtls_legacy) {
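Review bot: The notice printed inside `if (perm_config->unix_conn_file)` does not say what the server does next, so an operator reading the log cannot tell that DTLS-PSK ends up disabled; wording such as `NOTESTR"'dtls-psk' cannot be combined with unix socket file; disabling DTLS-PSK\n"` states the effective setting. The `1` passed to `READ_TF("dtls-psk", ...)` looks like the default value, in which case the notice would also appear for unix-socket configurations that never set the option; this should be confirmed against the macro, which is not visible here. A one-line comment above the block, e.g. `/* PSK keys are derived from the TLS session, which is absent when CSTP arrives over the unix socket */`, would keep the rationale from the commit message next to the code. The enclosing function starts and ends outside this hunk.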


@@ -335,7 +335,7 @@ static int setup_dtls_connection(struct worker_st *ws)
gnutls_session_set_ptr(session, ws);
if (ws->req.use_psk) {
if (ws->req.use_psk && ws->session) {
oclog(ws, LOG_INFO, "setting up DTLS-PSK connection");
ret = setup_dtls_psk_keys(session, ws);
} else {
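Review bot: A client that asked for PSK (`ws->req.use_psk`) on a connection with no TLS session now drops into the `else` branch without any log entry, so the move away from DTLS-PSK is invisible in the worker log. Adding `if (ws->req.use_psk && !ws->session) oclog(ws, LOG_INFO, "DTLS-PSK requested without a TLS session; using non-PSK setup");` ahead of the condition would record it. The `else` body lies outside the hunk, so it should be confirmed that it fails cleanly when the client supplied only PSK parameters. The new `ws->session` test also deserves a short comment, e.g. `/* PSK keys are exported from the TLS session; none exists under a unix socket */`.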