author | Rainer Gerhards <rgerhards@adiscon.com> | 2008-05-21 11:04:01 +0200 |
---|---|---|
committer | Rainer Gerhards <rgerhards@adiscon.com> | 2008-05-21 11:04:01 +0200 |
commit | cb8188da16d0ff66ef6bc2f9b0b52554651f06b2 (patch) | |
tree | 0bca5cfb1f22e45ed149157f13e9123c5c9a7499 /runtime/nsd_gtls.c | |
parent | 2b90fa41fd1ff69a241af01dbabac579f3be213e (diff) | |
re-enabled anon mode (failed if client did not provide cert)
Diffstat (limited to 'runtime/nsd_gtls.c')
-rw-r--r-- | runtime/nsd_gtls.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index ff162754..fd7a502a 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -270,6 +270,12 @@ gtlsChkFingerprint(nsd_gtls_t *pThis)
 ISOBJ_TYPE_assert(pThis, nsd_gtls);
+ /* first check if we need to do fingerprint authentication - if not, we
+ * are already set ;) -- rgerhards, 2008-05-21
+ */
+ if(pThis->authMode != GTLS_AUTH_CERTFINGERPRINT)
+ FINALIZE;
+
 /* This function only works for X.509 certificates. */
 if(gnutls_certificate_type_get(pThis->sess) != GNUTLS_CRT_X509)
 return RS_RET_TLS_CERT_ERR;
@@ -295,9 +301,6 @@ gtlsChkFingerprint(nsd_gtls_t *pThis)
 CHKiRet(GenFingerprintStr(fingerprint, size, &pstrFingerprint));
 dbgprintf("peer's certificate SHA1 fingerprint: %s\n", rsCStrGetSzStr(pstrFingerprint));
- if(pThis->authMode != GTLS_AUTH_CERTFINGERPRINT)
- FINALIZE;
-
 /* now search through the permitted peers to see if we can find a permitted one */
 bFoundPositiveMatch = 0;
 pPeer = pThis->pPermPeers; |
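Review bot: The early exit added at the top of gtlsChkFingerprint, `if(pThis->authMode != GTLS_AUTH_CERTFINGERPRINT) FINALIZE;`, fails open: every auth mode other than fingerprint, including a mode added later or an unset or invalid authMode value, now leaves the function without any look at the peer certificate. It would be safer to exempt only the anonymous mode by name and let any unrecognised mode end in an error return, so that a new mode cannot silently mean "no authentication". Because the check now runs before the certificate is fetched, the peer's fingerprint is no longer written to the debug log in non-fingerprint modes; a line such as `dbgprintf("fingerprint check skipped, auth mode %d\n", pThis->authMode);` before `FINALIZE` would keep unauthenticated sessions visible. The function body starts and ends outside the hunk, so the success value that `FINALIZE` returns here presumably comes from an `iRet` initialisation that is not visible.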