luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

continue if non-CA policy is not found

This commit is contained in:
vishalnayak 2016-03-01 16:43:51 -05:00
parent 9a3ddc9696
commit 44208455f6
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
builtin/credential/cert/path_login.go
View File

@ -140,8 +140,10 @@ func (b *backend) verifyCredentials(req *logical.Request) (*ParsedCert, *logical
// If trustedNonCAs is not empty it means that client had registered a non-CA cert // If trustedNonCAs is not empty it means that client had registered a non-CA cert
// with the backend. // with the backend.
if len(trustedNonCAs) != 0 { if len(trustedNonCAs) != 0 {
// Match the trusted chain with the policy policy := b.matchNonCAPolicy(connState.PeerCertificates[0], trustedNonCAs)
return b.matchNonCAPolicy(connState.PeerCertificates[0], trustedNonCAs), nil, nil if policy != nil {
return policy, nil, nil
}
} }
// Validate the connection state is trusted // Validate the connection state is trusted