25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-22 17:28:25 +01:00

Re-allow anonymous connection for connection without client certificates

This fixes issue #3985. Initial issue was introduced in
5506b838c8 adding tls client cert
authentication.
This commit is contained in:
Paweł Chmielowski 2023-02-01 16:58:25 +01:00
parent 74c9aa8ac0
commit 1a6baf223c

View File

@ -1214,7 +1214,13 @@ authenticate(#connect{password = Pass, properties = Props} = Pkt, State) ->
true ->
{ok, JID, pkix};
false ->
{error, 'not-authorized'}
{error, 'not-authorized'};
no_cert ->
case ejabberd_auth:check_password_with_authmodule(
LUser, <<>>, LServer, Pass) of
{true, AuthModule} -> {ok, JID, AuthModule};
false -> {error, 'not-authorized'}
end
end;
_ ->
case ejabberd_auth:check_password_with_authmodule(
@ -1230,7 +1236,7 @@ authenticate(#connect{password = Pass, properties = Props} = Pkt, State) ->
-spec tls_auth(jid:jid(), state()) -> boolean().
tls_auth(_JID, #state{tls_verify = false}) ->
false;
no_cert;
tls_auth(JID, State) ->
case State#state.socket of
{fast_tls, Sock} ->
@ -1251,10 +1257,10 @@ tls_auth(JID, State) ->
false
end;
error ->
false
no_cert
end;
_ ->
false
no_cert
end.
get_cert_jid(Cert) ->