Test to allow loading certificate from file

FreeRADIUS · Mar 7, 2016 · efa1b42 · efa1b42
1 parent 3d63419
commit efa1b42
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 0 deletions.
diff --git a/share/dictionary.freeradius.internal b/share/dictionary.freeradius.internal
@@ -588,6 +588,7 @@ ATTRIBUTE	TLS-Client-Cert-X509v3-Basic-Constraints 1930	string internal
 ATTRIBUTE	TLS-Client-Cert-Subject-Alt-Name-Dns	1931	string internal
 ATTRIBUTE	TLS-Client-Cert-Subject-Alt-Name-Upn	1932	string internal
 ATTRIBUTE	TLS-PSK-Identity			1933	string internal
+ATTRIBUTE	TLS-Session-Cert-File			1934	string internal
 
 # 1934 - 1939: reserved for future cert attributes
 

diff --git a/src/main/tls.c b/src/main/tls.c
@@ -544,6 +544,29 @@ tls_session_t *tls_session_init_server(TALLOC_CTX *ctx, fr_tls_server_conf_t *co
 	SSL_set_msg_callback_arg(new_tls, session);
 	SSL_set_info_callback(new_tls, cbtls_info);
 
+
+#ifdef WITH_TLS_SESSION_CERTS
+	/*
+	 *	Add the session certificate to the session.
+	 */
+	vp = fr_pair_find_by_num(request->state, 0, PW_TLS_SESSION_CERT_FILE, TAG_ANY);
+	if (vp) {
+		if (SSL_use_certificate_file(new_tls, vp->vp_strvalue, SSL_FILETYPE_PEM) != 1) {
+			REDEBUG("Failed loading TLS session certificate from file %s", vp->vp_strvalue);
+
+			while ((e = ERR_get_error()) != 0) {
+				char const *p;
+
+				p = ERR_error_string(e, NULL);
+				if (p) REDEBUG("%s", p);
+			}
+
+		} else {
+			RDEBUG("Loaded TLS session ertificate from file %s", vp->vp_strvalue);
+		}
+	}
+#endif
+
 	/*
 	 *	In Server mode we only accept.
 	 */