listen_socket_t *sock = request->listener->data;
if (sock->state == LISTEN_TLS_CHECKING) {
- RDEBUG("Checking TLS connection to see if it is authorized.");
+ RDEBUG("(TLS) Checking connection to see if it is authorized.");
dval = dict_valbyname(PW_AUTZ_TYPE, 0, "New-TLS-Connection");
if (dval) {
rcode = process_authorize(dval->value, request);
} else {
rcode = RLM_MODULE_OK;
- RWDEBUG("Did not find 'Autz-Type New-TLS-Connection' - defaulting to accept");
+ RWDEBUG("(TLS) Did not find 'Autz-Type New-TLS-Connection' - defaulting to accept");
}
if ((rcode == RLM_MODULE_OK) || (rcode == RLM_MODULE_UPDATED)) {
+ RDEBUG("(TLS) Connection is authorized");
request->reply->code = PW_CODE_ACCESS_ACCEPT;
} else {
+ RWDEBUG("(TLS) Connection is not authorized - closing TCP socket.");
request->reply->code = PW_CODE_ACCESS_REJECT;
}
rad_assert(request != NULL);
- RDEBUG2("Initiating new TLS session");
+ RDEBUG2("(TLS) Initiating new session");
/*
* Replace X509 store if it is time to update CRLs/certs in ca_path
* Verify the peer certificate, if asked.
*/
if (client_cert) {
- RDEBUG2("Setting verify mode to require certificate from client");
+ RDEBUG2("(TLS) Setting verify mode to require certificate from client");
verify_mode = SSL_VERIFY_PEER;
verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
verify_mode |= SSL_VERIFY_CLIENT_ONCE;
*/
if (sock->state == LISTEN_TLS_CHECKING) {
if (request->reply->code != PW_CODE_ACCESS_ACCEPT) {
- REDEBUG("Rejecting client TLS connection");
listener->status = RAD_LISTEN_STATUS_REMOVE_NOW;
listener->tls = NULL; /* parent owns this! */
rad_assert(sock->request->packet != request->packet);
- RDEBUG("Accepting client TLS connection");
sock->state = LISTEN_TLS_SETUP;
(void) dual_tls_recv(listener);
return 0;
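Review bot: The removed `REDEBUG("Rejecting client TLS connection");` just before `listener->status = RAD_LISTEN_STATUS_REMOVE_NOW;` and the removed `RDEBUG("Accepting client TLS connection");` before `sock->state = LISTEN_TLS_SETUP;` have no `+` replacement visible in this view, so as shown the reject path no longer logs anything; if the replacement lines were lost in the page rendering rather than by the commit, disregard this. A rejected TLS connection is the event an operator most needs in the log when tracing unauthorized clients, so the reject branch should keep an error-level line, e.g. `REDEBUG("(TLS) Rejecting client connection");`, and the accept branch `RDEBUG("(TLS) Accepting client connection");`, matching the `(TLS)` prefix the rest of the change introduces. The enclosing function starts and ends outside the hunk.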