ApiListener: fix self-made security hole

author Alexander A. Klimov <alexander.klimov@icinga.com>

Tue, 19 Feb 2019 16:38:09 +0000 (17:38 +0100)

committer Alexander A. Klimov <alexander.klimov@icinga.com>

Mon, 1 Apr 2019 09:40:14 +0000 (11:40 +0200)
author Alexander A. Klimov <alexander.klimov@icinga.com>
Tue, 19 Feb 2019 16:38:09 +0000 (17:38 +0100)
committer Alexander A. Klimov <alexander.klimov@icinga.com>
Mon, 1 Apr 2019 09:40:14 +0000 (11:40 +0200)
diff --git a/lib/remote/apilistener.cpp b/lib/remote/apilistener.cpp

index 691009a9f78ad2dd726fa0f5dd2eb71d5f1d0ab2..235e6c573e6f4842b20ad00fa71d26f2a36a47ed 100644 (file)
--- a/lib/remote/apilistener.cpp
+++ b/lib/remote/apilistener.cpp
@@ -531,13 +531,13 @@ void ApiListener::NewClientHandlerInternal(boost::asio::yield_context yc, const
  
         sslConn.set_verify_mode(ssl::verify_peer | ssl::verify_client_once);
  
-       bool verify_ok = false;
+       bool verify_ok = true;
         String verifyError;
  
         sslConn.set_verify_callback([&verify_ok, &verifyError](bool preverified, ssl::verify_context& ctx) {
-               verify_ok = preverified;
-
                 if (!preverified) {
+                       verify_ok = false;
+
                         std::ostringstream msgbuf;
                         int err = X509_STORE_CTX_get_error(ctx.native_handle());
author	Alexander A. Klimov <alexander.klimov@icinga.com>
	Tue, 19 Feb 2019 16:38:09 +0000 (17:38 +0100)
committer	Alexander A. Klimov <alexander.klimov@icinga.com>
	Mon, 1 Apr 2019 09:40:14 +0000 (11:40 +0200)