give better error messages for %{listen:TLS-*}

author Alan T. DeKok <aland@freeradius.org>

Wed, 14 Dec 2022 16:19:03 +0000 (11:19 -0500)

committer Alan T. DeKok <aland@freeradius.org>

Wed, 14 Dec 2022 16:20:32 +0000 (11:20 -0500)
author Alan T. DeKok <aland@freeradius.org>
Wed, 14 Dec 2022 16:19:03 +0000 (11:19 -0500)
committer Alan T. DeKok <aland@freeradius.org>
Wed, 14 Dec 2022 16:20:32 +0000 (11:20 -0500)
diff --git a/src/main/mainconfig.c b/src/main/mainconfig.c

index 960a31200621c2e86ecae1103a4651248e17f001..227ae4acfde86d209b249e15174b6bc83be1d5ec 100644 (file)
--- a/src/main/mainconfig.c
+++ b/src/main/mainconfig.c
@@ -501,11 +501,27 @@ static ssize_t xlat_listen_common(REQUEST *request, rad_listen_t *listen,
                 VALUE_PAIR *vp;
                 listen_socket_t *sock = listen->data;
  
+               if (!listen->tls) {
+                       RDEBUG("Listener is not using TLS.  TLS attributes are not available");
+                       *out = '\0';
+                       return 0;
+               }
+
                 for (vp = sock->certs; vp != NULL; vp = vp->next) {
                         if (strcmp(fmt, vp->da->name) == 0) {
                                 return vp_prints_value(out, outlen, vp, 0);
                         }
                 }
+
+               RDEBUG("Unknown TLS attribute \"%s\"", fmt);
+               *out = '\0';
+               return 0;
+       }
+#else
+       if (strncmp(fmt, "TLS-", 4) == 0) {
+               RDEBUG("Server is not built with TLS support");
+               *out = '\0';
+               return 0;
         }
  #endif
author	Alan T. DeKok <aland@freeradius.org>
	Wed, 14 Dec 2022 16:19:03 +0000 (11:19 -0500)
committer	Alan T. DeKok <aland@freeradius.org>
	Wed, 14 Dec 2022 16:20:32 +0000 (11:20 -0500)