mirror of
https://github.com/processone/ejabberd.git
synced 2024-12-22 17:28:25 +01:00
Re-allow anonymous connection for connection without client certificates
This fixes issue #3985. Initial issue was introduced in
5506b838c8
adding tls client cert
authentication.
This commit is contained in:
parent
74c9aa8ac0
commit
1a6baf223c
@ -1214,7 +1214,13 @@ authenticate(#connect{password = Pass, properties = Props} = Pkt, State) ->
|
||||
true ->
|
||||
{ok, JID, pkix};
|
||||
false ->
|
||||
{error, 'not-authorized'}
|
||||
{error, 'not-authorized'};
|
||||
no_cert ->
|
||||
case ejabberd_auth:check_password_with_authmodule(
|
||||
LUser, <<>>, LServer, Pass) of
|
||||
{true, AuthModule} -> {ok, JID, AuthModule};
|
||||
false -> {error, 'not-authorized'}
|
||||
end
|
||||
end;
|
||||
_ ->
|
||||
case ejabberd_auth:check_password_with_authmodule(
|
||||
@ -1230,7 +1236,7 @@ authenticate(#connect{password = Pass, properties = Props} = Pkt, State) ->
|
||||
|
||||
-spec tls_auth(jid:jid(), state()) -> boolean().
|
||||
tls_auth(_JID, #state{tls_verify = false}) ->
|
||||
false;
|
||||
no_cert;
|
||||
tls_auth(JID, State) ->
|
||||
case State#state.socket of
|
||||
{fast_tls, Sock} ->
|
||||
@ -1251,10 +1257,10 @@ tls_auth(JID, State) ->
|
||||
false
|
||||
end;
|
||||
error ->
|
||||
false
|
||||
no_cert
|
||||
end;
|
||||
_ ->
|
||||
false
|
||||
no_cert
|
||||
end.
|
||||
|
||||
get_cert_jid(Cert) ->
|
||||
|
Loading…
Reference in New Issue
Block a user