authorOmar Polo <op@omarpolo.com>2022-01-01 18:50:10 +0000
committerOmar Polo <op@omarpolo.com>2022-01-01 18:50:10 +0000
commit5128c0b0e3b51737783c4c68c9e34a76ec8c8b0e (patch)
tree00ad1dc18d6ad0e51242f698fdf75999fe25f6c1
parent7bdcc91ec70ddde092ac5d7b4f75d54915e7b221 (diff)
add `verifyname' option for `proxy' rule
-rw-r--r--gmid.h1
-rw-r--r--parse.y5
-rw-r--r--proxy.c3
3 files changed, 9 insertions, 0 deletions
diff --git a/gmid.h b/gmid.h
index 7da15c2..5f6b000 100644
--- a/gmid.h
+++ b/gmid.h
@@ -100,6 +100,7 @@ extern struct fcgi fcgi[FCGI_MAX];
struct proxy {
char *host;
const char *port;
+ int noverifyname;
uint8_t *cert;
size_t certlen;
uint8_t *key;
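Review bot: `noverifyname` is stored in the negative sense and carries no comment, so the fact that zero means "keep checking the upstream's name" is only implicit. That safe default holds only if every `struct proxy` is zero-initialised before the parser fills it in, which is not visible in this hunk and is worth confirming. I would annotate the field, e.g. `int noverifyname; /* non-zero: skip the TLS name check on the upstream; 0 keeps it on */`. The struct definition continues outside the hunk.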
diff --git a/parse.y b/parse.y
index db1ebb6..d215006 100644
--- a/parse.y
+++ b/parse.y
@@ -125,6 +125,7 @@ typedef struct {
%token RELAY_TO REQUIRE RETURN ROOT
%token SERVER SPAWN STRIP
%token TCP TOEXT TYPE USER
+%token VERIFYNAME
%token ERROR
@@ -327,6 +328,9 @@ proxy_opt : CERT string {
yyerror("proxy port is %s: %s", errstr,
p->port);
}
+ | VERIFYNAME bool {
+ host->proxy.noverifyname = !$2;
+ }
;
locations : /* empty */
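Review bot: The diffstat lists only gmid.h, parse.y and proxy.c, so the `verifyname` keyword accepted by this new `proxy_opt` alternative appears to land without a manual-page entry, though it may be documented in a separate commit. Because `verifyname off` weakens the TLS checks on the proxied connection, the documentation should state the default and say that disabling it accepts an upstream certificate issued for any name. A short comment above the action, such as `/* stored inverted so the zero default keeps name verification on */`, would also explain the `!$2`. The `proxy_opt` rule starts outside the hunk.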
@@ -468,6 +472,7 @@ static struct keyword {
{"to-ext", TOEXT},
{"type", TYPE},
{"user", USER},
+ {"verifyname", VERIFYNAME},
};
void
diff --git a/proxy.c b/proxy.c
index 99fd842..87791de 100644
--- a/proxy.c
+++ b/proxy.c
@@ -292,6 +292,9 @@ proxy_init(struct client *c)
if ((conf = tls_config_new()) == NULL)
return -1;
+ if (p->noverifyname)
+ tls_config_insecure_noverifyname(conf);
+
/* TODO: tls_config_set_protocols here */
tls_config_insecure_noverifycert(conf);
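Review bot: `tls_config_insecure_noverifycert(conf)` is still called unconditionally just below the new branch, so even with `verifyname` left on, the name is only matched against a certificate whose chain has not been validated. A self-signed certificate carrying the expected name would pass, so the option on its own does not authenticate the upstream, and an operator reading the config could assume it does. I would say so next to the call, e.g. `/* name check only: the chain is not verified below, so this does not authenticate the upstream */`, and track certificate verification or pinning alongside the existing TODO. proxy_init's body starts and ends outside the hunk.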