summaryrefslogtreecommitdiff
path: root/src/irmd/oap/io.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/irmd/oap/io.c')
-rw-r--r--src/irmd/oap/io.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/irmd/oap/io.c b/src/irmd/oap/io.c
index 24d33e60..5c560ea5 100644
--- a/src/irmd/oap/io.c
+++ b/src/irmd/oap/io.c
@@ -100,6 +100,8 @@ int load_kex_config(const char * name,
const char * path,
struct sec_config * cfg)
{
+ void * pin;
+
assert(name != NULL);
assert(cfg != NULL);
@@ -112,6 +114,15 @@ int load_kex_config(const char * name,
return -1;
}
+ if (cfg->cacert[0] != '\0') {
+ if (crypt_load_crt_file(cfg->cacert, &pin) < 0) {
+ log_err("Failed to load pinned CA %s for %s.",
+ cfg->cacert, name);
+ return -EAUTH;
+ }
+ crypt_free_crt(pin);
+ }
+
if (!IS_KEX_ALGO_SET(cfg)) {
log_info("Key exchange not configured for %s.", name);
return 0;