Commit
Allow for relaxed TLS configuration.
Currently the verify_peer flag is hardcoded to true for the console programs. It would be nice if we would allow a somewhat relaxed TLS mode that allows establishing a TLS connection without the need for the very strict certificate checking which is done now. The default setting is the same as before but the administrator can relax this setting by setting the "TLS Verify Peer" option to false in a definition of the client connection.

This doesn't have severe security implications as the authorization with challenge response (md5 hashes) is done before the TLS handshake. So this means you can have the same security as a non TLS connection but with a relaxed config which means you get an encrypted datastream even when you haven't put the whole certificate enrollment in place e.g. CA certificate and potentially client certificates. Protocols like LDAPS and ESMTP also allow this.

This is also the first version of the GNUTLS code that allows a TLS encrypted session with the GNUTLS library as a replacement for the openssl code. This currently is only tested with the relaxed TLS configuration options set e.g. TLS Verify Peer = no

Fixes #122: Allow for relaxed TLS configuration.
Marco van Wieringen committed May 5, 2013
1 parent dff7954, commit 26ae999
Showing 15 changed files with 190 additions and 65 deletions.
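An added example, not part of the commit or the project's code: a small Python audit that lists the resources in a configuration where the "TLS Verify Peer" option from the commit message is switched off, so connections that are encrypted but do not authenticate the peer can be inventoried. The sample configuration is constructed, and the parsing rules (one directive per line, keywords matched without regard to case or spaces, `no`/`false` as the disabling values) are assumptions.

```python
import re

# Constructed sample configuration; not taken from the commit or the project.
SAMPLE = """\
Director {
  Name = backup-dir
  TLS Enable = yes
  TLS Verify Peer = no      # relaxed: encrypted, peer not authenticated
}
Director {
  Name = strict-dir
  tlsverifypeer = yes
}
Console {
  TLS VerifyPeer = False
  Name = "ops-console"
}
"""

DISABLED = {"no", "false"}  # assumed spellings of a disabled boolean

def normalize(keyword):  # keywords compared without case or spaces (assumed rule)
    return re.sub(r"\s+", "", keyword).lower()

def find_relaxed_tls(text):
    """Return (resource_type, resource_name, line_no) per disabled peer check."""
    findings, depth, rtype, name, hits = [], 0, None, None, []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # naive: '#' inside quotes is cut too
        if line.endswith("{"):
            depth += 1
            if depth == 1:  # a new top-level resource starts here
                rtype, name, hits = line[:-1].strip(), None, []
        elif line == "}":
            if depth == 1:  # resource closed: its Name is known by now
                findings += [(rtype, name, n) for n in hits]
            depth = max(depth - 1, 0)
        elif "=" in line and depth >= 1:
            key, value = (part.strip().strip('"') for part in line.split("=", 1))
            if depth == 1 and normalize(key) == "name":
                name = value
            elif normalize(key) == "tlsverifypeer" and value.lower() in DISABLED:
                hits.append(line_no)
    return findings

if __name__ == "__main__":
    for rtype, name, line_no in find_relaxed_tls(SAMPLE):
        print(f"line {line_no}: {rtype} {name!r} has TLS Verify Peer disabled")
```

A resource that omits the option is not reported, because the commit message states that the default stays the same as before.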