login-common: Allow invalid client cert if ssl_server_request_client_cert=any-cert
authorAki Tuomi <aki.tuomi@open-xchange.com>
Fri, 14 Feb 2025 13:29:33 +0000 (15:29 +0200)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Mon, 26 May 2025 05:39:13 +0000 (05:39 +0000)
src/login-common/client-common.c

index 20b79cc59ec1f3d3b87bcbef75c39d0712487a86..3aaddb7ed3285341d746e7cfbe12dbc395b84e1a 100644 (file)
@@ -1360,7 +1360,8 @@ bool client_get_extra_disconnect_reason(struct client *client,
                        *human_reason_r = "client didn't send a cert";
                        return TRUE;
                }
-               if (!ssl_iostream_has_valid_client_cert(client->ssl_iostream)) {
+               if (client->ssl_server_set->parsed_opts.verify_client_cert &&
+                   !ssl_iostream_has_valid_client_cert(client->ssl_iostream)) {
                        *event_reason_r = "client_ssl_cert_untrusted";
                        *human_reason_r = "client sent an untrusted cert";
                        return TRUE;
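Review bot: The added `verify_client_cert` test in front of `ssl_iostream_has_valid_client_cert()` carries no comment saying that an unverified client certificate is tolerated on purpose, so a later reader could take the skipped check for an oversight and "fix" it, or assume validity is still enforced here. I would add above the condition `/* ssl_server_request_client_cert=any-cert: cert is requested but not verified, so an invalid one is not a disconnect reason */`. Judging by the commit title, in that mode the session continues with a certificate nobody validated, so any code outside this hunk that derives a username or trust decision from the presented certificate should presumably check validity itself rather than rely on this function having rejected it. The body of client_get_extra_disconnect_reason starts and ends outside the hunk, so whether `client->ssl_server_set` is always non-NULL at this point cannot be confirmed from here.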