From 3b5c252784fcd73c1f7c75301c3ef058a9a15397 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards
Date: Fri, 23 May 2008 11:39:37 +0200
Subject: checking if client provided a cert and complain if not
---
 runtime/nsd_gtls.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index 59cd398c..aec3f0c5 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -638,7 +638,9 @@ gtlsChkPeerCertValidity(nsd_gtls_t *pThis)
 ISOBJ_TYPE_assert(pThis, nsd_gtls);
 gnuRet = gnutls_certificate_verify_peers(pThis->sess);
- if(gnuRet < 1)
+ if(gnuRet == GNUTLS_E_NO_CERTIFICATE_FOUND) {
+ errmsg.LogError(NO_ERRCODE, "peer did not provide a certificate, not permitted to talk to it");
+ } else if(gnuRet < 1)
 CHKgnutls(gnuRet);
 if(gnuRet & GNUTLS_CERT_INVALID) {
-- cgit
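Review bot: The new `GNUTLS_E_NO_CERTIFICATE_FOUND` branch logs the missing certificate but, as far as the hunk shows, does not leave the function, so the negative error code falls through to `if(gnuRet & GNUTLS_CERT_INVALID)` and is tested as if it were a verification-status bitmask. Whether a peer without a certificate is then rejected depends on the bit pattern of the error code rather than on an explicit decision, which is fragile for an authentication check. Make the branch fail closed by returning an error right after the `LogError` call, e.g. `ABORT_FINALIZE(RS_RET_<NO_CERT_CODE>);` (placeholder return code), and brace the `else if(gnuRet < 1)` arm so both arms read alike. The rest of gtlsChkPeerCertValidity lies outside the hunk, so confirm that no later code already handles this case.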