bool tls_required; //!< whether TLS encryption is required.
#ifdef WITH_RADIUSV11
+ char const *radiusv11_name;
fr_radiusv11_t radiusv11;
#endif
#endif
fr_tls_server_conf_t *tls;
uint32_t connect_timeout;
rbtree_t *listeners;
-#ifdef WITH_RADIUSV11
- fr_radiusv11_t radiusv11;
-#endif
#endif
#ifdef WITH_STATS
fr_hash_table_t *realms;
char const *client_hostname;
+
+#ifdef WITH_RADIUSV11
+ char const *radiusv11_name;
+ fr_radiusv11_t radiusv11;
+#endif
};
#ifdef __cplusplus
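Review bot: The two fields added at the end of this struct (apparently `fr_tls_server_conf_t`, judging by the parser entries further down) carry no comment, and their roles are easy to confuse. Following the `//!<` style used elsewhere, I would write `char const *radiusv11_name; //!< 'radiusv11' setting as written in the configuration.` and `fr_radiusv11_t radiusv11; //!< value parsed from radiusv11_name.` It is also worth stating that `radiusv11` is only meaningful after the listener or home-server code has run `fr_str2int()` on the name. The struct begins outside the hunk.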
{ "rate_limit", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, RADCLIENT, rate_limit), NULL },
#endif
+#ifdef WITH_RADIUSV11
+ { "radiusv11", FR_CONF_OFFSET(PW_TYPE_STRING, RADCLIENT, radiusv11_name), "forbid" },
+#endif
+
CONF_PARSER_TERMINATOR
};
}
#ifdef WITH_RADIUSV11
- if (c->tls_required && (cf_pair_find(cs, "radiusv11") != NULL)) {
+ if (c->tls_required && c->radiusv11_name) {
int rcode;
- char const *name = NULL;
-
- rcode = cf_item_parse(cs, "radiusv11", FR_ITEM_POINTER(PW_TYPE_STRING, &name), "forbid");
- if (rcode < 0) goto error;
- rcode = fr_str2int(radiusv11_types, name, -1);
+ rcode = fr_str2int(radiusv11_types, c->radiusv11_name, -1);
if (rcode < 0) {
cf_log_err_cs(cs, "Invalid value for 'radiusv11'");
goto error;
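Review bot: The guard `if (c->tls_required && c->radiusv11_name)` means a `radiusv11` value on a client that does not require TLS is neither validated nor applied, and nothing is logged. Because the parser table now supplies the string for every client, an administrator who sets `radiusv11 = require` without enabling TLS for that client gets no sign that the setting was dropped. I would always validate the string with `fr_str2int()`, then report a configuration error through `cf_log_err_cs(cs, ...)` when the parsed value is not forbid and `c->tls_required` is false. The enclosing block continues past the end of the hunk.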
#ifdef WITH_RADIUSV11
if (listener->tls) {
- switch (listener->radiusv11) {
+ switch (listener->tls->radiusv11) {
case FR_RADIUSV11_FORBID:
if (client->radiusv11 == FR_RADIUSV11_REQUIRE) {
INFO("Ignoring new connection as client is marked as 'radiusv11 = require', and this socket has 'radiusv11 = forbid'");
if (rcode < 0) return -1;
#ifdef WITH_RADIUSV11
- if (cf_pair_find(cs, "radiusv11")) {
- char const *name = NULL;
-
- rcode = cf_item_parse(cs, "radiusv11", FR_ITEM_POINTER(PW_TYPE_STRING, &name), "forbid");
- if (rcode < 0) return -1;
-
- rcode = fr_str2int(radiusv11_types, name, -1);
+ if (this->tls->radiusv11_name) {
+ rcode = fr_str2int(radiusv11_types, this->tls->radiusv11_name, -1);
if (rcode < 0) {
cf_log_err_cs(cs, "Invalid value for 'radiusv11'");
return -1;
}
- this->radiusv11 = rcode;
- }
-
- /*
- * Default is "forbid" (0). In which case we don't set any ALPN callbacks, and
- * the ServerHello does not contain an ALPN section.
- */
- if (this->radiusv11 != FR_RADIUSV11_FORBID) {
- if (this->type != RAD_LISTEN_PROXY) {
- SSL_CTX_set_alpn_select_cb(this->tls->ctx, radiusv11_server_alpn_cb, this);
- } else {
- SSL_CTX_set_next_proto_select_cb(this->tls->ctx, radiusv11_client_alpn_cb, this);
- }
+ this->radiusv11 = this->tls->radiusv11 = rcode;
}
#endif
}
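Review bot: The ALPN callback registration that used to follow the parse (`SSL_CTX_set_alpn_select_cb` / `SSL_CTX_set_next_proto_select_cb` on `this->tls->ctx`) is removed here, and no replacement is visible in the other hunks on this page. If it has not moved to wherever the `SSL_CTX` is built, a listener with a non-forbid setting would store the value in `this->tls->radiusv11` but never negotiate it. Please confirm where the callbacks are installed now, and add a short comment at this assignment pointing to that place. The callbacks previously received `this` as their argument, so also check that the new site passes an object whose lifetime matches the context. The function starts outside the hunk.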
if (!home->listeners) goto error;
#ifdef WITH_RADIUSV11
- if (cf_pair_find(tls, "radiusv11")) {
- char const *name = NULL;
-
- rcode = cf_item_parse(cs, "radiusv11", FR_ITEM_POINTER(PW_TYPE_STRING, &name), "forbid");
- if (rcode < 0) goto error;
-
- rcode = fr_str2int(radiusv11_types, name, -1);
+ if (home->tls->radiusv11_name) {
+ rcode = fr_str2int(radiusv11_types, home->tls->radiusv11_name, -1);
if (rcode < 0) {
cf_log_err_cs(cs, "Invalid value for 'radiusv11'");
goto error;
}
- home->radiusv11 = rcode;
+ home->tls->radiusv11 = rcode;
}
#endif
#endif
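Review bot: The new condition `if (home->tls->radiusv11_name)` dereferences `home->tls`, whereas the old code at this spot only called `cf_pair_find(tls, ...)` on the config section. The hunk does not show where `home->tls` is assigned, so unless the surrounding code guarantees it is non-NULL here, the guard should be `if (home->tls && home->tls->radiusv11_name) {`. If it is already guaranteed, a one-line comment saying so would help the next reader. The enclosing block starts outside the hunk.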
},
+#ifdef WITH_RADIUSV11
+ { "radiusv11", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, radiusv11_name), "forbid" },
+#endif
+
{ "realm_dir", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, realm_dir), NULL },
{ "cache", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) cache_config },
#endif
},
+#ifdef WITH_RADIUSV11
+ { "radiusv11", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, radiusv11_name), "forbid" },
+#endif
+
{ "hostname", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, client_hostname), NULL },
CONF_PARSER_TERMINATOR