authorRainer Gerhards <rgerhards@adiscon.com>2008-05-21 11:04:01 +0200
committerRainer Gerhards <rgerhards@adiscon.com>2008-05-21 11:04:01 +0200
commitcb8188da16d0ff66ef6bc2f9b0b52554651f06b2 (patch)
tree0bca5cfb1f22e45ed149157f13e9123c5c9a7499
parent2b90fa41fd1ff69a241af01dbabac579f3be213e (diff)
downloadrsyslog-cb8188da16d0ff66ef6bc2f9b0b52554651f06b2.tar.gz
rsyslog-cb8188da16d0ff66ef6bc2f9b0b52554651f06b2.tar.xz
rsyslog-cb8188da16d0ff66ef6bc2f9b0b52554651f06b2.zip
re-enabled anon mode (failed if client did not provide cert)
-rw-r--r--runtime/nsd_gtls.c9
-rw-r--r--tcpsrv.c2
2 files changed, 7 insertions, 4 deletions
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index ff162754..fd7a502a 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -270,6 +270,12 @@ gtlsChkFingerprint(nsd_gtls_t *pThis)
ISOBJ_TYPE_assert(pThis, nsd_gtls);
+ /* first check if we need to do fingerprint authentication - if not, we
+ * are already set ;) -- rgerhards, 2008-05-21
+ */
+ if(pThis->authMode != GTLS_AUTH_CERTFINGERPRINT)
+ FINALIZE;
+
/* This function only works for X.509 certificates. */
if(gnutls_certificate_type_get(pThis->sess) != GNUTLS_CRT_X509)
return RS_RET_TLS_CERT_ERR;
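Review bot: The new early exit at the top of gtlsChkFingerprint fails open: every authMode other than GTLS_AUTH_CERTFINGERPRINT leaves through FINALIZE before the peer certificate is examined, so a mode added later, or an authMode that was never set, would be accepted as if it were anonymous. Assuming iRet still holds its success default at that point (its declaration is outside the hunk), it would be safer to test for the anonymous mode explicitly and return an error for any value the function does not recognise. The comment should state what skipping means for the connection, e.g. `/* anon mode: no peer authentication is performed; the peer may present no certificate at all */`, rather than "we are already set ;)". Because the check now sits ahead of the fingerprint dbgprintf touched by the second hunk, the peer's fingerprint no longer appears in debug output for anonymous sessions even when a certificate is presented. The function body begins and ends outside the hunk.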
@@ -295,9 +301,6 @@ gtlsChkFingerprint(nsd_gtls_t *pThis)
CHKiRet(GenFingerprintStr(fingerprint, size, &pstrFingerprint));
dbgprintf("peer's certificate SHA1 fingerprint: %s\n", rsCStrGetSzStr(pstrFingerprint));
- if(pThis->authMode != GTLS_AUTH_CERTFINGERPRINT)
- FINALIZE;
-
/* now search through the permitted peers to see if we can find a permitted one */
bFoundPositiveMatch = 0;
pPeer = pThis->pPermPeers;
diff --git a/tcpsrv.c b/tcpsrv.c
index 9b3553f1..dca6eb0c 100644
--- a/tcpsrv.c
+++ b/tcpsrv.c
@@ -458,7 +458,7 @@ Run(tcpsrv_t *pThis)
tcps_sess.Destruct(&pThis->pSessions[iTCPSess]);
} else if(state == -1) {
errno = 0;
- errmsg.LogError(NO_ERRCODE, "netstream session %p will be closed, error ignored\n",
+ errmsg.LogError(NO_ERRCODE, "netstream session %p will be closed due to error\n",
pThis->pSessions[iTCPSess]->pStrm);
pThis->pOnErrClose(pThis->pSessions[iTCPSess]);
tcps_sess.Destruct(&pThis->pSessions[iTCPSess]);
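Review bot: The reworded LogError message still identifies the dropped session only by the `%p` value of pStrm, which tells an operator nothing about which peer was closed and puts a raw heap address into the log. A client rejected by the TLS checks presumably ends up on this `state == -1` path, so this line is where a failed authentication would be noticed. Consider logging the remote address or host name if the session object holds one at this point, and keeping the pointer to debug output only. Run's body begins and ends outside the hunk.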