char *crl_dir = NULL; /* directory containing CRL files */
char *crl_file = NULL; /* Certificate Revocation List (CRL) file (pem format) */
char *max_tls_version = NULL; /* Maximum TLS protocol version (default=1.2) */
+char *tls_verify_method = NULL;
+bool tls_verify_key_usage = 0;
bool need_peer_eap = 0; /* Require peer to authenticate us */
#endif
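Review bot: The two new globals on the added lines carry no trailing comment, unlike every neighbouring declaration, and their defaults are the security-relevant part. `tls_verify_key_usage = 0` means key-usage checking is off unless configured. What a NULL `tls_verify_method` falls back to is not visible in this hunk. I would document both, e.g. `char *tls_verify_method = NULL; /* peer verification method (none|subject|name|suffix); NULL selects the default */` and `bool tls_verify_key_usage = 0; /* verify certificate type and extended key usage (off by default) */`, adjusting the wording to the actual default in the TLS code.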
{ "crl", o_string, &crl_file, "Use specific CRL file" },
{ "max-tls-version", o_string, &max_tls_version,
"Maximum TLS version (1.0/1.1/1.2 (default)/1.3)" },
+ { "tls-verify-key-usage", o_bool, &tls_verify_key_usage,
+ "Verify certificate type and extended key usage" },
+ { "tls-verify-method", o_string, &tls_verify_method,
+ "Verify peer by method (none|subject|name|suffix)" },
{ "need-peer-eap", o_bool, &need_peer_eap,
"Require the peer to authenticate us", 1 },
#endif /* USE_EAPTLS */
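Review bot: The new `tls-verify-key-usage` entry omits the trailing value that the neighbouring `need-peer-eap` bool entry passes (`..., 1 },`). If that field is the value stored when the option is given, as the sibling entry suggests, the option would write 0 and key-usage verification would stay off even when requested. The option parser is outside this hunk, so this needs confirming. The likely fix is `"Verify certificate type and extended key usage", 1 },`. Separately, `tls-verify-method` is a free-form `o_string`, and nothing visible here checks it against none|subject|name|suffix. The consumer should reject an unrecognised value rather than fall through to a weaker check.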
/*
* If the peer had to authenticate, run the auth-up script now.
*/
+ notify(auth_up_notifier, 0);
if (go->neg_chap || go->neg_upap || go->neg_eap) {
- notify(auth_up_notifier, 0);
auth_state = s_up;
if (auth_script_state == s_down && auth_script_pid == 0) {
auth_script_state = s_up;
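Review bot: The moved `notify(auth_up_notifier, 0);` now runs before the `go->neg_chap || go->neg_upap || go->neg_eap` test, so it also fires when no peer authentication was negotiated. The comment directly above it still says "If the peer had to authenticate, run the auth-up script now". Any listener that treats this notifier as proof the peer was authenticated would now get the signal on unauthenticated links. Callers are not visible here, so that is worth auditing. I would give the call its own comment, `/* Tell listeners the auth phase is complete, whether or not the peer authenticated. */`, and keep the existing comment directly above the `if`. The enclosing function starts and ends outside the hunk.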