Only run verify certificate sub request if the section exists

diff --git a/src/lib/tls/conf.c b/src/lib/tls/conf.c
index d9f5366b61d42137e3409cd9bb19c4bc2021a45b..5b20b6e825632618537ae4615144ef61244def9a 100644 (file)
--- a/src/lib/tls/conf.c
+++ b/src/lib/tls/conf.c
@@ -249,10 +249,7 @@ static int tls_virtual_server_cf_parse(TALLOC_CTX *ctx, void *out, void *parent,
 
        if (virtual_server_cf_parse(ctx, out, parent, ci, rule) < 0) return -1;
 
-       if (!conf->virtual_server) {
-               conf->verify_certificate = false;
-               return 0;
-       }
+       if (!conf->virtual_server) return 0;
 
        conf->verify_certificate = cf_section_find(conf->virtual_server, "verify", "certificate") ? true : false;
        return 0;

diff --git a/src/lib/tls/verify.c b/src/lib/tls/verify.c
index fc064f3f3cc180bc601c4ad444ccaccad95d7d35..5cb32159b53a6d2ad1a4b7eb72683f5f2e8162ce 100644 (file)
--- a/src/lib/tls/verify.c
+++ b/src/lib/tls/verify.c
@@ -274,7 +274,7 @@ done:
         *      have been added by this point.
         */
        if (my_ok && (depth == 0)) {
-               if (conf->virtual_server && tls_session->verify_client_cert) {
+               if (conf->verify_certificate && tls_session->verify_client_cert) {
                        RDEBUG2("Requesting certificate validation");
 
                        /*