Commit 77cdefe1 authored by akrherz's avatar akrherz

OF-1282 properly handle setting TLS_CERTIFICATE_VERIFY of false

parent 34beb388
...@@ -335,7 +335,9 @@ public class SASLAuthentication { ...@@ -335,7 +335,9 @@ public class SASLAuthentication {
{ {
// Flag that indicates if certificates of the remote server should be validated. // Flag that indicates if certificates of the remote server should be validated.
final boolean verify = JiveGlobals.getBooleanProperty( ConnectionSettings.Server.TLS_CERTIFICATE_VERIFY, true ); final boolean verify = JiveGlobals.getBooleanProperty( ConnectionSettings.Server.TLS_CERTIFICATE_VERIFY, true );
if ( verify && verifyCertificates( session.getConnection().getPeerCertificates(), saslServer.getAuthorizationID(), true ) ) if ( verify )
{
if ( verifyCertificates( session.getConnection().getPeerCertificates(), saslServer.getAuthorizationID(), true ) )
{ {
( (LocalIncomingServerSession) session ).tlsAuth(); ( (LocalIncomingServerSession) session ).tlsAuth();
} }
...@@ -344,6 +346,7 @@ public class SASLAuthentication { ...@@ -344,6 +346,7 @@ public class SASLAuthentication {
throw new SaslFailureException( Failure.NOT_AUTHORIZED, "Server-to-Server certificate verification failed." ); throw new SaslFailureException( Failure.NOT_AUTHORIZED, "Server-to-Server certificate verification failed." );
} }
} }
}
authenticationSuccessful( session, saslServer.getAuthorizationID(), challenge ); authenticationSuccessful( session, saslServer.getAuthorizationID(), challenge );
session.removeSessionData( "SaslServer" ); session.removeSessionData( "SaslServer" );
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment