continue if non-CA policy is not found

This commit is contained in:
vishalnayak 2016-03-01 16:43:51 -05:00
parent 9a3ddc9696
commit 44208455f6

View file

@ -140,8 +140,10 @@ func (b *backend) verifyCredentials(req *logical.Request) (*ParsedCert, *logical
// If trustedNonCAs is not empty it means that client had registered a non-CA cert
// with the backend.
if len(trustedNonCAs) != 0 {
// Match the trusted chain with the policy
return b.matchNonCAPolicy(connState.PeerCertificates[0], trustedNonCAs), nil, nil
policy := b.matchNonCAPolicy(connState.PeerCertificates[0], trustedNonCAs)
if policy != nil {
return policy, nil, nil
}
}
// Validate the connection state is trusted