Parse client specific tls conf sections
authorNick Porter <nick@portercomputing.co.uk>
Mon, 13 Jan 2025 17:37:37 +0000 (17:37 +0000)
committerNick Porter <nick@portercomputing.co.uk>
Mon, 13 Jan 2025 17:37:37 +0000 (17:37 +0000)
src/include/clients.h
src/main/client.c

index 7e962b6797ed165189bfb7b1e06bfc2700ccdaef..5ebca8a2a69bd639bb49b77dddefdd0fe35021ab 100644 (file)
@@ -79,7 +79,7 @@ typedef struct radclient {
 #endif
 #ifdef WITH_TLS
        bool                    tls_required;           //!< whether TLS encryption is required.
-
+       fr_tls_server_conf_t    *tls;
 #ifdef WITH_RADIUSV11
        char const              *radiusv11_name;
        fr_radiusv11_t          radiusv11;
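Review bot: The new `tls` member in `struct radclient` has no `//!<` comment, unlike `tls_required` directly above it, and it takes the place of the blank line that separated this group from the `WITH_RADIUSV11` block. I would write `fr_tls_server_conf_t *tls; //!< Per-client TLS configuration parsed from the client's "tls" subsection, NULL if there is none.` and keep the blank line after it. The comment should also say who owns the pointer and when it is released, since the allocation context used by the parser is not visible from this header.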
index 2c3581b2c74ccdecd086b139ad696d230412d837..9e9912a3c6304b302ca92292407e554f797b707f 100644 (file)
@@ -897,6 +897,7 @@ RADCLIENT *client_afrom_cs(TALLOC_CTX *ctx, CONF_SECTION *cs, bool in_server, bo
 {
        RADCLIENT       *c;
        char const      *name2;
+       CONF_SECTION    *tls;
 
        name2 = cf_section_name2(cs);
        if (!name2) {
@@ -938,6 +939,17 @@ RADCLIENT *client_afrom_cs(TALLOC_CTX *ctx, CONF_SECTION *cs, bool in_server, bo
                return NULL;
        }
 
+       /*
+        *      Check the TLS configuration.
+        */
+       tls = cf_section_sub_find(cs, "tls");
+#ifndef WITH_TLS
+       if (tls) {
+               cf_log_err_cs(cs, "TLS transport is not available in this executable");
+               goto error;
+       }
+#endif
+
        /*
         *      Global clients can set servers to use, per-server clients cannot.
         */
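Review bot: The comment "Check the TLS configuration" overstates what this block does: it only looks up the `tls` subsection, and in `WITH_TLS` builds the actual parsing is deferred to the end of `client_afrom_cs`. Something like `Find the optional per-client "tls" subsection; it is parsed just before returning.` would describe it accurately. The build-without-TLS branch correctly refuses the client instead of silently ignoring the block, but the message is logged against `cs`; `cf_log_err_cs(tls, "TLS transport is not available in this executable");` would point the administrator at the offending subsection. The function starts and continues outside this hunk.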
@@ -1228,6 +1240,13 @@ done_coa:
                     c->shortname);
        }
 
+#ifdef WITH_TLS
+       if (tls) {
+               c->tls = tls_client_conf_parse(tls);
+               if (!c->tls) goto error;
+       }
+#endif
+
        return c;
 }
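Review bot: Nothing visible in this hunk ties the parsed `c->tls` to `c->tls_required`, so a client that carries a `tls` subsection but is not marked as requiring TLS would apparently have its settings parsed and then never applied. An administrator who put certificate-verification settings in that block could believe they are enforced when the client is in fact accepted over a non-TLS transport. If no check exists elsewhere in `client_afrom_cs` (most of the function is outside the hunk), I would reject that combination before parsing, e.g. `if (tls && !c->tls_required) { cf_log_err_cs(tls, "\"tls\" section requires a TLS client"); goto error; }`, or at least log a warning. It is also worth confirming that `tls_client_conf_parse` logs its own failure reason, because the `goto error` here adds no message.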