From: Alain Spineux <alain@baculasystems.com>
Date: Tue, 16 Apr 2024 13:38:57 +0000 (+0200)
Subject: Fix org#2714 Fails to take TLS Allowed CN into account
X-Git-Tag: Release-15.0.3~76
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8fb221f412785390d2789184afd83d26db4b4531;p=thirdparty%2Fbacula.git

Fix org#2714 Fails to take TLS Allowed CN into account

- verify_list is never used
---

diff --git a/bacula/src/lib/authenticatebase.cc b/bacula/src/lib/authenticatebase.cc
index fffe046fc..fdf75970d 100644
--- a/bacula/src/lib/authenticatebase.cc
+++ b/bacula/src/lib/authenticatebase.cc
@@ -44,7 +44,6 @@ tls_remote_need(BNET_TLS_NONE),
 tls_authenticate(false),
 tls_verify_peer(false),
 tls_verify_list(NULL),
-verify_list(NULL),
 tls_ctx(NULL),
 psk_ctx(NULL),
 ctx(NULL),
@@ -589,8 +588,8 @@ bool AuthenticateBase::HandleTLS()
       // Qmsg0(jcr, M_INFO, 0, _("Start connection in CLEAR-TEXT\n"));
    }
    if (ctx != NULL) {
-      if ((local_type==dtCli && !bnet_tls_client(ctx, bsock, verify_list, password)) ||
-          (local_type==dtSrv && !bnet_tls_server(ctx, bsock, verify_list, password)))
+      if ((local_type==dtCli && !bnet_tls_client(ctx, bsock, tls_verify_list, password)) ||
+          (local_type==dtSrv && !bnet_tls_server(ctx, bsock, tls_verify_list, password)))
       {
          // errmsg set by bnet_tls_server/bnet_tls_client
          pm_strcpy(errmsg, bsock->errmsg);
diff --git a/bacula/src/lib/authenticatebase.h b/bacula/src/lib/authenticatebase.h
index 9394f7660..be03a8863 100644
--- a/bacula/src/lib/authenticatebase.h
+++ b/bacula/src/lib/authenticatebase.h
@@ -57,7 +57,6 @@ protected:
    bool tls_authenticate;
    bool tls_verify_peer;
    alist *tls_verify_list;
-   alist *verify_list;
    TLS_CONTEXT *tls_ctx;
    TLS_CONTEXT *psk_ctx;
    TLS_CONTEXT *ctx;