checking if client provided a cert and complain if not

author: Rainer Gerhards <rgerhards@adiscon.com> 2008-05-23 11:39:37 +0200
committer: Rainer Gerhards <rgerhards@adiscon.com> 2008-05-23 11:39:37 +0200
commit: 3b5c252784fcd73c1f7c75301c3ef058a9a15397 (patch)
tree: a165b94d111ff02bce676da81b5ebd0db7ae9763
parent: b4baf2bda0370c8727c8bd2d20aa89d30f91448f (diff)
download: rsyslog-3b5c252784fcd73c1f7c75301c3ef058a9a15397.tar.gz
rsyslog-3b5c252784fcd73c1f7c75301c3ef058a9a15397.tar.xz
rsyslog-3b5c252784fcd73c1f7c75301c3ef058a9a15397.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index 59cd398c..aec3f0c5 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -638,7 +638,9 @@ gtlsChkPeerCertValidity(nsd_gtls_t *pThis)
 
 	ISOBJ_TYPE_assert(pThis, nsd_gtls);
 	gnuRet = gnutls_certificate_verify_peers(pThis->sess);
-	if(gnuRet < 1)
+	if(gnuRet == GNUTLS_E_NO_CERTIFICATE_FOUND) {
+		errmsg.LogError(NO_ERRCODE, "peer did not provide a certificate, not permitted to talk to it");
+	} else if(gnuRet < 1)
 		CHKgnutls(gnuRet);
 
 	if(gnuRet & GNUTLS_CERT_INVALID) {
author	Rainer Gerhards <rgerhards@adiscon.com>	2008-05-23 11:39:37 +0200
committer	Rainer Gerhards <rgerhards@adiscon.com>	2008-05-23 11:39:37 +0200
commit	3b5c252784fcd73c1f7c75301c3ef058a9a15397 (patch)
tree	a165b94d111ff02bce676da81b5ebd0db7ae9763
parent	b4baf2bda0370c8727c8bd2d20aa89d30f91448f (diff)
download	rsyslog-3b5c252784fcd73c1f7c75301c3ef058a9a15397.tar.gz rsyslog-3b5c252784fcd73c1f7c75301c3ef058a9a15397.tar.xz rsyslog-3b5c252784fcd73c1f7c75301c3ef058a9a15397.zip