Commit Diff
Diff:
7bdcc91ec70ddde092ac5d7b4f75d54915e7b221
5128c0b0e3b51737783c4c68c9e34a76ec8c8b0e
Commit:
5128c0b0e3b51737783c4c68c9e34a76ec8c8b0e
Tree:
00ad1dc18d6ad0e51242f698fdf75999fe25f6c1
Author:
Omar Polo <op@omarpolo.com>
Date:
Sat Jan 1 18:50:10 2022 UTC
Message:
add `verifyname' option for `proxy' rule
commit - 7bdcc91ec70ddde092ac5d7b4f75d54915e7b221
commit + 5128c0b0e3b51737783c4c68c9e34a76ec8c8b0e
blob - 7da15c2fe0a8d64a86e8e331a6807f6a8dea0f29
blob + 5f6b000d448e4bd597c4e0704733418c6c1a3e4a
--- gmid.h
+++ gmid.h
@@ -100,6 +100,7 @@ struct proxy {
struct proxy {
char *host;
const char *port;
+ int noverifyname;
uint8_t *cert;
size_t certlen;
uint8_t *key;
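Review bot: The new `noverifyname` field stores the inverse of what the operator writes, since the parse.y hunk sets it with `host->proxy.noverifyname = !$2;`, and nothing at the declaration says so. A comment on the field such as `/* set by "verifyname off"; 0 keeps name verification enabled */` would make the secure default readable. That default relies on struct proxy being zero-initialised, which is not visible on this page and should be confirmed. The struct definition continues past the end of the hunk.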
blob - db1ebb661db97c3967c7356fbf55ed043ef1bc54
blob + d21500672c4d2f4947b4c517dce81d052c0e3820
--- parse.y
+++ parse.y
@@ -125,6 +125,7 @@ typedef struct {
%token RELAY_TO REQUIRE RETURN ROOT
%token SERVER SPAWN STRIP
%token TCP TOEXT TYPE USER
+%token VERIFYNAME
%token ERROR
@@ -327,6 +328,9 @@ proxy_opt : CERT string {
yyerror("proxy port is %s: %s", errstr,
p->port);
}
+ | VERIFYNAME bool {
+ host->proxy.noverifyname = !$2;
+ }
;
locations : /* empty */
@@ -468,6 +472,7 @@ static struct keyword {
{"to-ext", TOEXT},
{"type", TYPE},
{"user", USER},
+ {"verifyname", VERIFYNAME},
};
void
blob - 99fd84213f8ac958ba1be3c02189ac5a83d5996a
blob + 87791deac3d9c75cb89b0928b32b794dba64725e
--- proxy.c
+++ proxy.c
@@ -292,6 +292,9 @@ proxy_init(struct client *c)
if ((conf = tls_config_new()) == NULL)
return -1;
+ if (p->noverifyname)
+ tls_config_insecure_noverifyname(conf);
+
/* TODO: tls_config_set_protocols here */
tls_config_insecure_noverifycert(conf);
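Review bot: Leaving name verification on gives little assurance here, because the context line `tls_config_insecure_noverifycert(conf);` still disables chain validation unconditionally. With `verifyname on`, the upstream name is therefore matched against a certificate that has not been validated, unless proxy_init pins or otherwise checks the certificate in code outside this hunk. I would record that next to the new branch, for example `/* name check only; the cert chain is still not verified, see noverifycert below */`. The user-facing description of `verifyname` should say the same, so operators do not read it as full upstream authentication. proxy_init starts and ends outside the hunk.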
Omar Polo