author | Gilles Chehade <gilles@poolp.org> | 2015-05-11 08:52:05 +0200 |
---|---|---|
committer | Gilles Chehade <gilles@poolp.org> | 2015-05-11 08:52:05 +0200 |
commit | c1d2530478170d57c625697c0ae04607ddf0516d (patch) | |
tree | 96c26ad7316b07764dd20306aa46d3832e0a7c4e | |
parent | cleanup SNI code (diff) | |
if no CA was found, only fail if fallback was not authorized opensmtpd-201505121835
-rw-r--r-- | smtpd/lka.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/smtpd/lka.c b/smtpd/lka.c
index 31b7176b..b621e10c 100644
--- a/smtpd/lka.c
+++ b/smtpd/lka.c
@@ -689,7 +689,10 @@ lka_certificate_verify_resume(enum imsg_type type, struct ca_vrfy_req_msg *req)
 if (req->fallback)
 sca = dict_get(env->sc_ca_dict, "*");
 cafile = sca ? sca->ca_cert_file : CA_FILE;
- if (sca == NULL || ! lka_X509_verify(req, cafile, NULL))
+
+ if (sca == NULL && !req->fallback)
+ resp.status = CA_FAIL;
+ else if (! lka_X509_verify(req, cafile, NULL))
 resp.status = CA_FAIL;
 else
 resp.status = CA_OK; |
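Review bot: When `sca` is NULL and `req->fallback` is set, the new `else if` verifies the peer chain against `CA_FILE` instead of a configured CA, and nothing in the code says that the trust anchor has silently become the default bundle (presumably the system-wide one). A comment above the check would make that explicit, e.g. `/* no CA entry: fail unless fallback is allowed, in which case the chain is checked against CA_FILE */`. Both failure branches also set the same `CA_FAIL`, so a missing CA cannot be told apart from a failed verification afterwards; a distinct log line on the `sca == NULL` branch, using whatever logging helper this file already relies on, would help when diagnosing rejected or unexpectedly accepted peers. The enclosing `lka_certificate_verify_resume` starts and ends outside the hunk, so how `req->fallback` gets set and who controls it cannot be confirmed from here.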