Fix org#2714 Fails to take TLS Allowed CN into account

- verify_list is never used

diff --git a/bacula/src/lib/authenticatebase.cc b/bacula/src/lib/authenticatebase.cc
index fffe046fc3475e286a52fbf860ac85fbfb8eeb3e..fdf75970d0c4b9f84f66b1e17e51dc56f110a0f7 100644 (file)
--- a/bacula/src/lib/authenticatebase.cc
+++ b/bacula/src/lib/authenticatebase.cc
@@ -44,7 +44,6 @@ tls_remote_need(BNET_TLS_NONE),
 tls_authenticate(false),
 tls_verify_peer(false),
 tls_verify_list(NULL),
-verify_list(NULL),
 tls_ctx(NULL),
 psk_ctx(NULL),
 ctx(NULL),
@@ -589,8 +588,8 @@ bool AuthenticateBase::HandleTLS()
       // Qmsg0(jcr, M_INFO, 0, _("Start connection in CLEAR-TEXT\n"));
    }
    if (ctx != NULL) {
-      if ((local_type==dtCli && !bnet_tls_client(ctx, bsock, verify_list, password)) ||
-          (local_type==dtSrv && !bnet_tls_server(ctx, bsock, verify_list, password)))
+      if ((local_type==dtCli && !bnet_tls_client(ctx, bsock, tls_verify_list, password)) ||
+          (local_type==dtSrv && !bnet_tls_server(ctx, bsock, tls_verify_list, password)))
       {
          // errmsg set by bnet_tls_server/bnet_tls_client
          pm_strcpy(errmsg, bsock->errmsg);

diff --git a/bacula/src/lib/authenticatebase.h b/bacula/src/lib/authenticatebase.h
index 9394f7660d67270529316861f8badb08f5d65c48..be03a8863f636df962a5dc53c1b4674eb94f1834 100644 (file)
--- a/bacula/src/lib/authenticatebase.h
+++ b/bacula/src/lib/authenticatebase.h
@@ -57,7 +57,6 @@ protected:
    bool tls_authenticate;
    bool tls_verify_peer;
    alist *tls_verify_list;
-   alist *verify_list;
    TLS_CONTEXT *tls_ctx;
    TLS_CONTEXT *psk_ctx;
    TLS_CONTEXT *ctx;