From: Nick Porter <nick@portercomputing.co.uk>
Date: Tue, 10 Dec 2024 09:47:19 +0000 (+0000)
Subject: Only run verify certificate sub request if the section exists
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1e8cb5e44fe401354b56d7a25114856ca4e589e5;p=thirdparty%2Ffreeradius-server.git

Only run verify certificate sub request if the section exists
---

diff --git a/src/lib/tls/conf.c b/src/lib/tls/conf.c
index d9f5366b61d..5b20b6e8256 100644
--- a/src/lib/tls/conf.c
+++ b/src/lib/tls/conf.c
@@ -249,10 +249,7 @@ static int tls_virtual_server_cf_parse(TALLOC_CTX *ctx, void *out, void *parent,
 
 	if (virtual_server_cf_parse(ctx, out, parent, ci, rule) < 0) return -1;
 
-	if (!conf->virtual_server) {
-		conf->verify_certificate = false;
-		return 0;
-	}
+	if (!conf->virtual_server) return 0;
 
 	conf->verify_certificate = cf_section_find(conf->virtual_server, "verify", "certificate") ? true : false;
 	return 0;
diff --git a/src/lib/tls/verify.c b/src/lib/tls/verify.c
index fc064f3f3cc..5cb32159b53 100644
--- a/src/lib/tls/verify.c
+++ b/src/lib/tls/verify.c
@@ -274,7 +274,7 @@ done:
 	 *	have been added by this point.
 	 */
 	if (my_ok && (depth == 0)) {
-		if (conf->virtual_server && tls_session->verify_client_cert) {
+		if (conf->verify_certificate && tls_session->verify_client_cert) {
 			RDEBUG2("Requesting certificate validation");
 
 			/*