Chapril/xmpp.chapril.org-ejabberd
25
1
Fork 0
mirror of https://github.com/processone/ejabberd.git synced 2024-12-22 17:28:25 +01:00
Code Releases Activity

Re-allow anonymous connection for connection without client certificates

Browse Source 
This fixes issue #3985. Initial issue was introduced in
5506b838c8 adding tls client cert
authentication.
This commit is contained in:
Paweł Chmielowski 2023-02-01 16:58:25 +01:00
parent 74c9aa8ac0
commit 1a6baf223c
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/mod_mqtt_session.erl
View File

@ -1214,7 +1214,13 @@ authenticate(#connect{password = Pass, properties = Props} = Pkt, State) ->
true -> true ->
{ok, JID, pkix}; {ok, JID, pkix};
false -> false ->
{error, 'not-authorized'} {error, 'not-authorized'};
no_cert ->
case ejabberd_auth:check_password_with_authmodule(
LUser, <<>>, LServer, Pass) of
{true, AuthModule} -> {ok, JID, AuthModule};
false -> {error, 'not-authorized'}
end
end; end;
_ -> _ ->
case ejabberd_auth:check_password_with_authmodule( case ejabberd_auth:check_password_with_authmodule(
@ -1230,7 +1236,7 @@ authenticate(#connect{password = Pass, properties = Props} = Pkt, State) ->
-spec tls_auth(jid:jid(), state()) -> boolean(). -spec tls_auth(jid:jid(), state()) -> boolean().
tls_auth(_JID, #state{tls_verify = false}) -> tls_auth(_JID, #state{tls_verify = false}) ->
false; no_cert;
tls_auth(JID, State) -> tls_auth(JID, State) ->
case State#state.socket of case State#state.socket of
{fast_tls, Sock} -> {fast_tls, Sock} ->
@ -1251,10 +1257,10 @@ tls_auth(JID, State) ->
false false
end; end;
error -> error ->
false no_cert
end; end;
_ -> _ ->
false no_cert
end. end.
get_cert_jid(Cert) -> get_cert_jid(Cert) ->