Commit acc517b5 authored by Mark Karpilovskij, committed by Daniel Salzman

kdig: use @server as hostname for TLS with +tls-ca

parent 362d3689
......@@ -239,8 +239,8 @@ Use TLS with the Opportunistic privacy profile (\fI\%RFC 7858#section\-4.1\fP).
Use TLS with a certificate validation. Certification authority certificates
are loaded from the specified PEM file (default is system certificate storage
if no argument is provided).
Can be specified multiple times. Provide the +tls\-hostname option to activate
strict authentication.
Can be specified multiple times. If the +tls\-hostname option is not provided,
the name of the target server (if specified) is used for strict authentication.
.TP
\fB+\fP[\fBno\fP]\fBtls\-pin\fP=\fIBASE64\fP
Use TLS with the Out\-of\-Band key\-pinned privacy profile (\fI\%RFC 7858#section\-4.2\fP).
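Review bot: The added sentence "the name of the target server (if specified) is used for strict authentication" does not say what happens when @server is given as an IP address rather than a DNS name. Certificates usually carry DNS names, so validation against an address literal will commonly fail. Say whether an address is used as the hostname or skipped, and point to +tls\-hostname as the way to supply the expected name in that case.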
......
......@@ -218,8 +218,8 @@ Options
Use TLS with a certificate validation. Certification authority certificates
are loaded from the specified PEM file (default is system certificate storage
if no argument is provided).
Can be specified multiple times. Provide the +tls-hostname option to activate
strict authentication.
Can be specified multiple times. If the +tls-hostname option is not provided,
the name of the target server (if specified) is used for strict authentication.
**+**\ [\ **no**\ ]\ **tls-pin**\ =\ *BASE64*
Use TLS with the Out-of-Band key-pinned privacy profile (:rfc:`7858#section-4.2`).
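Review bot: The "(if specified)" qualifier in the new sentence leaves the fallback undocumented. The removed wording made clear that strict authentication required +tls-hostname; the new wording does not say whether a query with +tls-ca but neither @server nor +tls-hostname still runs without a hostname check. State that case explicitly, and mention that existing +tls-ca invocations with @server now get hostname checking they did not get before.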
......
......@@ -1538,6 +1538,12 @@ static void complete_servers(query_t *query, const query_t *conf)
return;
}
}
// Use server name as hostname for TLS if necessary.
if (query->tls.enable && query->tls.hostname == NULL &&
(query->tls.system_ca || !EMPTY_LIST(query->tls.ca_files))) {
query->tls.hostname = strdup(s->name);
}
}
// Use servers from config if any.
} else if (list_size(&conf->servers) > 0) {
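Review bot: The result of strdup(s->name) in the added block is not checked. If the allocation fails, query->tls.hostname stays NULL and the query continues with CA validation but no hostname to match, so the failure silently weakens authentication instead of stopping the query. Test the return value and bail out, as the "return;" path just above the block does.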
......@@ -1557,6 +1563,12 @@ static void complete_servers(query_t *query, const query_t *conf)
return;
}
add_tail(&query->servers, (node_t *)server);
// Use server name as hostname for TLS if necessary.
if (query->tls.enable && query->tls.hostname == NULL &&
(query->tls.system_ca || !EMPTY_LIST(query->tls.ca_files))) {
query->tls.hostname = strdup(s->name);
}
}
// Use system specific.
} else {
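Review bot: The "query->tls.hostname == NULL" guard in the added block means only the first name seen is ever stored, so if this block runs once per server (as the add_tail call just above it suggests), every later server is authenticated against the first server's name. Either keep the hostname per server or document that only the first one counts. The six added lines are also identical to the block added in the previous hunk; a small helper would keep the two copies from drifting apart.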
......