From 80cc8cc8749b2fb42266577f7dc0449a572647bd Mon Sep 17 00:00:00 2001
From: Timo Sirainen
Date: Fri, 4 Nov 2022 23:50:49 +0200
Subject: [PATCH] login-common: Connections from haproxy are always considered secured
Similarly to non-haproxy connections from login_trusted_networks are considered secured, connections from haproxy_trusted_networks should also be considered secured.
---
 src/login-common/client-common.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/login-common/client-common.c b/src/login-common/client-common.c
index fb5047c289..a4c632f8c8 100644
--- a/src/login-common/client-common.c
+++ b/src/login-common/client-common.c
@@ -217,9 +217,10 @@ client_alloc(int fd, pool_t pool,
 client->connection_trusted = client_is_trusted(client);
 if (conn->haproxied) {
+ /* haproxy connections are always coming from
+ haproxy_trusted_networks, so we consider them secured. */
+ client->connection_secured = TRUE;
 client->haproxy_terminated_tls = conn->haproxy.ssl;
- client->connection_secured = conn->haproxy.ssl ||
- client->connection_trusted;
 client->end_client_tls_secured = conn->haproxy.ssl;
 client->local_name = conn->haproxy.hostname;
 client->client_cert_common_name = conn->haproxy.cert_common_name;
-- 
2.47.3
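Review bot: With `client->connection_secured = TRUE;` set unconditionally inside `if (conn->haproxied)`, the flag no longer says anything about the client-to-proxy leg: a client that reached haproxy without TLS (`conn->haproxy.ssl` false) is now marked secured, where the removed lines required `conn->haproxy.ssl || client->connection_trusted`. The added comment relies on the haproxy_trusted_networks check having been enforced before this point, which is not visible in the hunk (client_alloc starts and ends outside it), so the comment should name where that check happens. I would also extend it so later readers do not treat the flag as proof of encryption, e.g. `/* "secured" here means the connection arrived via a trusted proxy; use end_client_tls_secured to tell whether the end client used TLS */`. Any caller that gates plaintext authentication on connection_secured alone presumably now allows it for such clients, which is worth confirming as intended and documenting for operators.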