tls: Add tstream_tls_params_verify_peer()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/source4/lib/tls/tls.h b/source4/lib/tls/tls.h
index 5c6ab3b2e227f639d30d4d505b823ce9755f1054..3a0035723f24682fed57a3699b4abeb09fa2e876 100644 (file)
--- a/source4/lib/tls/tls.h
+++ b/source4/lib/tls/tls.h
@@ -90,6 +90,8 @@ NTSTATUS tstream_tls_params_server_lpcfg(TALLOC_CTX *mem_ctx,
 
 bool tstream_tls_params_enabled(struct tstream_tls_params *params);
 bool tstream_tls_params_quic_enabled(struct tstream_tls_params *params);
+enum tls_verify_peer_state tstream_tls_params_verify_peer(
+       struct tstream_tls_params *tls_params);
 const char *tstream_tls_params_peer_name(
        const struct tstream_tls_params *params);
 

diff --git a/source4/lib/tls/tls_tstream.c b/source4/lib/tls/tls_tstream.c
index 903ae5404a4ac03d3f7448157daea1d7e3486fd8..39ecade18988dc7d37e40ad9608ba4e354a01ae1 100644 (file)
--- a/source4/lib/tls/tls_tstream.c
+++ b/source4/lib/tls/tls_tstream.c
@@ -920,6 +920,22 @@ bool tstream_tls_params_quic_enabled(struct tstream_tls_params *tls_params)
        return quic;
 }
 
+enum tls_verify_peer_state tstream_tls_params_verify_peer(
+       struct tstream_tls_params *tls_params)
+{
+#ifdef HAVE_LIBQUIC
+
+       struct tstream_tls_params_internal *tlsp = tls_params->internal;
+
+       return tlsp->verify_peer;
+
+#else /* HAVE_LIBQUIC */
+
+       return TLS_VERIFY_PEER_NO_CHECK;
+
+#endif /* HAVE_LIBQUIC */
+}
+
 const char *tstream_tls_params_peer_name(
        const struct tstream_tls_params *params)
 {