diff options
Diffstat (limited to 'src/irmd/oap/srv.c')
| -rw-r--r-- | src/irmd/oap/srv.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/irmd/oap/srv.c b/src/irmd/oap/srv.c index 587a8f9f..08b4d9d2 100644 --- a/src/irmd/oap/srv.c +++ b/src/irmd/oap/srv.c @@ -73,6 +73,9 @@ int load_srv_kex_config(const struct name_info * info, assert(info != NULL); assert(cfg != NULL); + memset(cfg, 0, sizeof(*cfg)); + + /* Client auth stays opt-in (mTLS); enable with auth=required */ return load_kex_config(info->name, info->s.enc, cfg); } @@ -441,6 +444,11 @@ int oap_srv_process(const struct name_info * info, goto fail_auth; } + if (kcfg.req_auth && peer_hdr.crt.len == 0) { + log_err_id(id, "Client did not provide a certificate."); + goto fail_auth; + } + if (do_server_kex(info, &peer_hdr, &kcfg, &local_hdr.kex, sk) < 0) goto fail_kex; |
