continue if non-CA policy is not found
This commit is contained in:
parent
9a3ddc9696
commit
44208455f6
|
@ -140,8 +140,10 @@ func (b *backend) verifyCredentials(req *logical.Request) (*ParsedCert, *logical
|
||||||
// If trustedNonCAs is not empty it means that client had registered a non-CA cert
|
// If trustedNonCAs is not empty it means that client had registered a non-CA cert
|
||||||
// with the backend.
|
// with the backend.
|
||||||
if len(trustedNonCAs) != 0 {
|
if len(trustedNonCAs) != 0 {
|
||||||
// Match the trusted chain with the policy
|
policy := b.matchNonCAPolicy(connState.PeerCertificates[0], trustedNonCAs)
|
||||||
return b.matchNonCAPolicy(connState.PeerCertificates[0], trustedNonCAs), nil, nil
|
if policy != nil {
|
||||||
|
return policy, nil, nil
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Validate the connection state is trusted
|
// Validate the connection state is trusted
|
||||||
|
|
Loading…
Reference in a new issue