git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
login-common: Connections from haproxy are always considered secured
authorTimo Sirainen <timo.sirainen@open-xchange.com>
Fri, 4 Nov 2022 21:50:49 +0000 (23:50 +0200)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Wed, 16 Nov 2022 08:09:54 +0000 (08:09 +0000)
Just as non-haproxy connections from login_trusted_networks are
considered secured, connections from haproxy_trusted_networks should also be
considered secured.

src/login-common/client-common.c

index fb5047c2895eac81f2bbd27e490ab7d640a45fba..a4c632f8c8270855b192b5a6adfda5a300bb7777 100644 (file)
@@ -217,9 +217,10 @@ client_alloc(int fd, pool_t pool,
        client->connection_trusted = client_is_trusted(client);
 
        if (conn->haproxied) {
+               /* haproxy connections are always coming from
+                  haproxy_trusted_networks, so we consider them secured. */
+               client->connection_secured = TRUE;
                client->haproxy_terminated_tls = conn->haproxy.ssl;
-               client->connection_secured = conn->haproxy.ssl ||
-                       client->connection_trusted;
                client->end_client_tls_secured = conn->haproxy.ssl;
                client->local_name = conn->haproxy.hostname;
                client->client_cert_common_name = conn->haproxy.cert_common_name;
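Review bot: Setting `client->connection_secured = TRUE` for every haproxied connection drops the earlier dependence on `conn->haproxy.ssl`, so a session whose end client reached the proxy without TLS is now flagged secured while `end_client_tls_secured` stays false. If any later check reads only `connection_secured` (presumably the cleartext-authentication gate, which is not visible in this hunk), it will treat that session as protected, so those consumers should be audited to confirm they want "trusted proxy hop" rather than "end client used TLS". The new comment also rests on the invariant that a haproxied connection can only come from haproxy_trusted_networks, which is enforced outside this hunk; it should name where that check lives and state the flag's scope, e.g. `/* secured == proxy hop is trusted; use end_client_tls_secured for the client side */`. client_alloc's body starts and ends outside the hunk.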