S2S-TLS/GnuTLS: Fix handling of connections without peer certificates

author: Alexander Barton <alex@barton.de> 2024-01-06 19:57:50 +0100
committer: Alexander Barton <alex@barton.de> 2024-03-23 20:19:01 +0100
commit: 8cef3ce42cd645a3ffb0e1eded52b8b77bb8caff (patch)
tree: 43f35931af1249176dbc0a51fe03e5cf1edb2401
parent: 180e2ec1359378172135472148c99a2d14e873cc (diff)
download: ngircd-8cef3ce42cd645a3ffb0e1eded52b8b77bb8caff.tar.gz
ngircd-8cef3ce42cd645a3ffb0e1eded52b8b77bb8caff.zip
1 files changed, 4 insertions, 5 deletions
diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c
index 7fb81839..ea0e3d1b 100644
--- a/src/ngircd/conn-ssl.c
+++ b/src/ngircd/conn-ssl.c
@@ -1000,16 +1000,15 @@ ConnSSL_LogCertInfo( CONNECTION * c, bool connect)
 	    gnutls_mac_get_name(gnutls_mac_get(sess)));
 	cred = gnutls_auth_get_type(c->ssl_state.gnutls_session);
 	if (cred == GNUTLS_CRD_CERTIFICATE) {
-		cert_seen = true;
-
 		gnutls_x509_crt_t cert;
 		unsigned cert_list_size;
 		const gnutls_datum_t *cert_list =
 		    gnutls_certificate_get_peers(sess, &cert_list_size);
-		if (!cert_list || cert_list_size == 0) {
-			Log(LOG_ERR, "No certificates found");
+
+		if (!cert_list || cert_list_size == 0)
 			goto done_cn_validation;
-		}
+
+		cert_seen = true;
 		int err = gnutls_x509_crt_init(&cert);
 		if (err < 0) {
 			Log(LOG_ERR,
author	Alexander Barton <alex@barton.de>	2024-01-06 19:57:50 +0100
committer	Alexander Barton <alex@barton.de>	2024-03-23 20:19:01 +0100
commit	8cef3ce42cd645a3ffb0e1eded52b8b77bb8caff (patch)
tree	43f35931af1249176dbc0a51fe03e5cf1edb2401
parent	180e2ec1359378172135472148c99a2d14e873cc (diff)
download	ngircd-8cef3ce42cd645a3ffb0e1eded52b8b77bb8caff.tar.gz ngircd-8cef3ce42cd645a3ffb0e1eded52b8b77bb8caff.zip