Merge pull request ghostunnel#222 from phamann/phamann/fix-disable-au…

…thentication Don't set VerifyPeerCertificate function if authentication is disabled
openshift-bot · Apr 18, 2019 · b0ab870 · b0ab870
2 parents 95a1265 + d789a3d
commit b0ab870
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/main.go b/main.go
@@ -442,9 +442,10 @@ func serverListen(context *Context) error {
 	}
 
 	config.GetCertificate = context.cert.GetCertificate
-	config.VerifyPeerCertificate = serverACL.VerifyPeerCertificateServer
 	if *serverDisableAuth {
 		config.ClientAuth = tls.NoClientCert
+	} else {
+		config.VerifyPeerCertificate = serverACL.VerifyPeerCertificateServer
 	}
 
 	listener, err := reuseport.NewReusablePortListener("tcp", (*serverListenAddress).String())

diff --git a/tests/test-server-disable-authentication.py b/tests/test-server-disable-authentication.py
@@ -29,7 +29,7 @@
                                      '--cacert=root.crt',
                                      '--disable-authentication'])
 
-        # connect with client1, confirm that the tunnel is up
+        # connect with no client cert, confirm that the tunnel is up
         pair = SocketPair(TlsClient(None, 'root', 13001), TcpServer(13002))
         pair.validate_can_send_from_client(
             "hello world", "1: client -> server")
@@ -38,6 +38,16 @@
         pair.validate_closing_client_closes_server(
             "1: client closed -> server closed")
 
+        # connect with client1 cert, confirm that the tunnel is up
+        pair2 = SocketPair(
+            TlsClient('client1', 'root', 13001), TcpServer(13002))
+        pair2.validate_can_send_from_client(
+            "hello world", "1: client -> server")
+        pair2.validate_can_send_from_server(
+            "hello world", "1: server -> client")
+        pair2.validate_closing_client_closes_server(
+            "1: client closed -> server closed")
+
         # connect with client2, confirm that the tunnel isn't up
         try:
             pair = SocketPair(