Only run verify certificate sub request if the section exists

FreeRADIUS · Dec 11, 2024 · 1e8cb5e · 1e8cb5e
1 parent 08cf0c2
commit 1e8cb5e
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 5 deletions.
diff --git a/src/lib/tls/conf.c b/src/lib/tls/conf.c
@@ -249,10 +249,7 @@ static int tls_virtual_server_cf_parse(TALLOC_CTX *ctx, void *out, void *parent,
 
 	if (virtual_server_cf_parse(ctx, out, parent, ci, rule) < 0) return -1;
 
-	if (!conf->virtual_server) {
-		conf->verify_certificate = false;
-		return 0;
-	}
+	if (!conf->virtual_server) return 0;
 
 	conf->verify_certificate = cf_section_find(conf->virtual_server, "verify", "certificate") ? true : false;
 	return 0;

diff --git a/src/lib/tls/verify.c b/src/lib/tls/verify.c
@@ -274,7 +274,7 @@ int fr_tls_verify_cert_cb(int ok, X509_STORE_CTX *x509_ctx)
 	 *	have been added by this point.
 	 */
 	if (my_ok && (depth == 0)) {
-		if (conf->virtual_server && tls_session->verify_client_cert) {
+		if (conf->verify_certificate && tls_session->verify_client_cert) {
 			RDEBUG2("Requesting certificate validation");
 
 			/*