Add support for arbitrary client-to-server certificate CN matching (TLS Allowed CN...

[bacula/bacula] / bacula / src / dird / authenticate.c

diff --git a/bacula/src/dird/authenticate.c b/bacula/src/dird/authenticate.c
index a8fdbbbdda11097d7df2f058827c0c6b512df770..23b5d5f4f570005e6b78f6e049a52f6f9419fc78 100644 (file)
--- a/bacula/src/dird/authenticate.c
+++ b/bacula/src/dird/authenticate.c
@@ -131,7 +131,7 @@ bool authenticate_storage_daemon(JCR *jcr, STORE *store)
    /* Is TLS Enabled? */
    if (tls_local_need >= BNET_TLS_OK && tls_remote_need >= BNET_TLS_OK) {
       /* Engage TLS! Full Speed Ahead! */
-      if (!bnet_tls_client(store->tls_ctx, sd)) {
+      if (!bnet_tls_client(store->tls_ctx, sd, NULL)) {
          stop_bsock_timer(tid);
          Jmsg(jcr, M_FATAL, 0, _("TLS negotiation failed with SD on \"%s:%d\"\n"),
             sd->host(), sd->port());
@@ -235,7 +235,8 @@ int authenticate_file_daemon(JCR *jcr)
    /* Is TLS Enabled? */
    if (tls_local_need >= BNET_TLS_OK && tls_remote_need >= BNET_TLS_OK) {
       /* Engage TLS! Full Speed Ahead! */
-      if (!bnet_tls_client(client->tls_ctx, fd)) {
+      if (!bnet_tls_client(client->tls_ctx, fd, client->tls_allowed_cns)) {
+
          stop_bsock_timer(tid);
          Jmsg(jcr, M_FATAL, 0, _("TLS negotiation failed with FD on \"%s:%d\".\n"),
               fd->host(), fd->port());