From: Nick Porter Date: Mon, 13 Jan 2025 17:37:37 +0000 (+0000) Subject: Parse client specific tls conf sections X-Git-Tag: release_3_2_7~29 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5f3092b2ae8840f3b768d12c3023f7cd50ab7bbf;p=thirdparty%2Ffreeradius-server.git Parse client specific tls conf sections --- diff --git a/src/include/clients.h b/src/include/clients.h index 7e962b6797..5ebca8a2a6 100644 --- a/src/include/clients.h +++ b/src/include/clients.h @@ -79,7 +79,7 @@ typedef struct radclient { #endif #ifdef WITH_TLS bool tls_required; //!< whether TLS encryption is required. - + fr_tls_server_conf_t *tls; #ifdef WITH_RADIUSV11 char const *radiusv11_name; fr_radiusv11_t radiusv11; diff --git a/src/main/client.c b/src/main/client.c index 2c3581b2c7..9e9912a3c6 100644 --- a/src/main/client.c +++ b/src/main/client.c @@ -897,6 +897,7 @@ RADCLIENT *client_afrom_cs(TALLOC_CTX *ctx, CONF_SECTION *cs, bool in_server, bo { RADCLIENT *c; char const *name2; + CONF_SECTION *tls; name2 = cf_section_name2(cs); if (!name2) { @@ -938,6 +939,17 @@ RADCLIENT *client_afrom_cs(TALLOC_CTX *ctx, CONF_SECTION *cs, bool in_server, bo return NULL; } + /* + * Check the TLS configuration. + */ + tls = cf_section_sub_find(cs, "tls"); +#ifndef WITH_TLS + if (tls) { + cf_log_err_cs(cs, "TLS transport is not available in this executable"); + goto error; + } +#endif + /* * Global clients can set servers to use, per-server clients cannot. */ @@ -1228,6 +1240,13 @@ done_coa: c->shortname); } +#ifdef WITH_TLS + if (tls) { + c->tls = tls_client_conf_parse(tls); + if (!c->tls) goto error; + } +#endif + return c; }
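Review bot: The new `tls` member of `struct radclient` in src/include/clients.h has no doc comment, unlike `tls_required` directly above it, and its role is not clear from the names alone: the type is `fr_tls_server_conf_t`, while the parser that fills it in client.c is `tls_client_conf_parse`. I would add a comment such as `fr_tls_server_conf_t *tls; //!< TLS settings parsed from this client's "tls" subsection.` and extend it to say which connections the settings apply to (accepted from the client, or opened towards it). The comment should also say who owns the pointer and, if the struct is zero-allocated, that NULL means no per-client section was configured. The struct continues outside the hunk.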
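Review bot: The `#ifndef WITH_TLS` error in the `-938,6 +939,17` hunk of src/main/client.c is logged against `cs`, so the message points at the client section rather than at the `tls` subsection that triggered it; `cf_log_err_cs(tls, "TLS transport is not available in this executable");` would presumably report the offending block's location instead. Rejecting the client rather than silently dropping the section is the right fail-closed behaviour, and the comment could say so, e.g. `Refuse a "tls" subsection in builds without TLS rather than ignore it.` `cf_section_sub_find` is given only the name, so a second `tls` block in the same client is probably ignored without any warning. The `error` label and the rest of `client_afrom_cs` are outside the hunk.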
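Review bot: In the last hunk `c->tls` is populated whenever a `tls` subsection exists, but nothing visible in this commit relates it to `c->tls_required`. If the subsection is meant to govern connections from this client, a client could carry a full TLS block and still be accepted without TLS when that flag is not set elsewhere. If that combination is not intended, flag it here, e.g. `if (tls && !c->tls_required) cf_log_err_cs(tls, "tls section present but TLS is not required for this client");`, or state in a comment that the subsection does not by itself enforce TLS. The failure path `if (!c->tls) goto error;` adds no message of its own and relies on `tls_client_conf_parse` to log why the client was rejected, which is worth confirming. The start of `client_afrom_cs` and the `error` label are outside this hunk.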