@@ -57,6 +57,7 @@
.user_cert = NULL,
.user_key = NULL,
.insecure_ssl = -1,
+ .cert_skip_check = -1,
.cipher_list = NULL,
.min_tls = -1,
.seclevel_1 = -1,
@@ -361,6 +362,9 @@
continue;
}
cfg->insecure_ssl = insecure_ssl;
+ } else if (strcmp(key, "cert-skip-check") == 0) {
+ log_warn("Skipping cert check");
+ cfg->cert_skip_check = 1;
} else if (strcmp(key, "cipher-list") == 0) {
free(cfg->cipher_list);
cfg->cipher_list = strdup(val);
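Review bot: The new `cert-skip-check` branch never looks at `val`, so a configuration line such as `cert-skip-check = 0` still switches certificate checking off. The insecure-ssl branch just above assigns a value it has already validated (only its tail is visible in this hunk), and this key should follow the same pattern, warning only when the option is actually enabled. The warning should also say that server certificate verification is disabled, and it should end in `\n` like the log calls visible in main.c. The fence assumes the insecure-ssl branch uses the `strtob()` helper from this file; the enclosing parser loop starts and ends outside the hunk.

```c
		} else if (strcmp(key, "cert-skip-check") == 0) {
			int cert_skip_check = strtob(val);

			if (cert_skip_check < 0) {
				log_warn("Bad cert-skip-check in configuration file: \"%s\".\n",
				         val);
				continue;
			}
			if (cert_skip_check)
				log_warn("Server certificate verification is disabled (cert-skip-check).\n");
			cfg->cert_skip_check = cert_skip_check;
		/* … unchanged: cipher-list branch … */
```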
@@ -499,6 +503,8 @@
}
if (src->insecure_ssl != invalid_cfg.insecure_ssl)
dst->insecure_ssl = src->insecure_ssl;
+ if (src->cert_skip_check != invalid_cfg.cert_skip_check)
+ dst->cert_skip_check = src->cert_skip_check;
if (src->cipher_list) {
free(dst->cipher_list);
dst->cipher_list = src->cipher_list;
Changed |
_service:tar_git:openfortivpn-1.10.0.tar.gz/src/main.c
@@ -129,6 +129,7 @@
" Also enable TLSv1.0 if applicable.\n" \
" If your server requires a specific cipher or protocol,\n" \
" consider using --cipher-list and/or --min-tls instead.\n" \
+" --cert-skip-check Skip incoming cert ssl check\n" \
" --cipher-list=<ciphers> Openssl ciphers to use. If default does not work\n" \
" you can try with the cipher suggested in the output\n" \
" of 'openssl s_client -connect <host:port>'\n" \
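Review bot: The help line added for `--cert-skip-check` ("Skip incoming cert ssl check") does not tell the user what protection is lost. With the gateway certificate unchecked, the client cannot tell the real gateway from an impostor, so credentials and the one-time password may be sent to whoever answers. The text should say so, and should say how the option interacts with `--trusted-cert`, which cannot be determined from this hunk. A possible wording is `"      --cert-skip-check         Do not verify the gateway certificate. Insecure:\n"` followed by `"                                the connection can be intercepted. Testing only.\n"`.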
@@ -200,6 +201,7 @@
.user_cert = NULL,
.user_key = NULL,
.insecure_ssl = 0,
+ .cert_skip_check = 0,
.min_tls = 0,
.seclevel_1 = 0,
.cipher_list = NULL,
@@ -230,6 +232,7 @@
{"user-key", required_argument, 0, 0},
{"trusted-cert", required_argument, 0, 0},
{"insecure-ssl", no_argument, &cli_cfg.insecure_ssl, 1},
+ {"cert-skip-check", no_argument, &cli_cfg.cert_skip_check, 1 },
{"cipher-list", required_argument, 0, 0},
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
{"min-tls", required_argument, 0, 0},
@@ -539,9 +542,7 @@
log_debug("One-time password = \"%s\"\n", cfg.otp);
if (geteuid() != 0) {
- log_error("This process was not spawned with root privileges, which are required.\n");
- ret = EXIT_FAILURE;
- goto exit;
+ log_warn("This process was not spawned with root privileges, which are required.\n");
}
do {
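Review bot: The root check now only warns, yet the message still says root privileges "are required", so the log contradicts what the program then does. This also looks unrelated to the cert-skip-check option the rest of the diff adds. Authentication appears to follow in the `do {` loop, so a non-root run would presumably send credentials and the OTP to the gateway before failing at tunnel setup; that code is outside the hunk. Either restore the removed `ret = EXIT_FAILURE; goto exit;`, or, if running unprivileged is intended, reword to something like `log_warn("Not running as root; tunnel setup may fail.\n");` and document which setups work without root.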