From 33e747ae2efc6ea9301e6245521794e15f951c49 Mon Sep 17 00:00:00 2001
From: Gunnar Beutner
Date: Wed, 11 Feb 2015 09:56:22 +0100
Subject: [PATCH] Don't require tickets for clients which already have a trusted certificate

fixes #8465
---
 lib/remote/apiclient.cpp | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/lib/remote/apiclient.cpp b/lib/remote/apiclient.cpp
index dd0a4dfe8..2304df3fb 100644
--- a/lib/remote/apiclient.cpp
+++ b/lib/remote/apiclient.cpp
@@ -220,22 +220,24 @@ Value RequestCertificateHandler(const MessageOrigin& origin, const Dictionary::P
 if (!params)
 return Empty;

- ApiListener::Ptr listener = ApiListener::GetInstance();
- String salt = listener->GetTicketSalt();
-
 Dictionary::Ptr result = new Dictionary();

- if (salt.IsEmpty()) {
- result->Set("error", "Ticket salt is not configured.");
- return result;
- }
+ if (!origin.FromClient->IsAuthenticated()) {
+ ApiListener::Ptr listener = ApiListener::GetInstance();
+ String salt = listener->GetTicketSalt();
+
+ if (salt.IsEmpty()) {
+ result->Set("error", "Ticket salt is not configured.");
+ return result;
+ }

- String ticket = params->Get("ticket");
- String realTicket = PBKDF2_SHA1(origin.FromClient->GetIdentity(), salt, 50000);
+ String ticket = params->Get("ticket");
+ String realTicket = PBKDF2_SHA1(origin.FromClient->GetIdentity(), salt, 50000);

- if (ticket != realTicket) {
- result->Set("error", "Invalid ticket.");
- return result;
+ if (ticket != realTicket) {
+ result->Set("error", "Invalid ticket.");
+ return result;
+ }
 }

 boost::shared_ptr cert = origin.FromClient->GetStream()->GetPeerCertificate();
-- 
2.50.1
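Review bot: The new `if (!origin.FromClient->IsAuthenticated())` branch makes the peer's existing certificate the only credential for issuing a new one, and nothing in the hunk documents or records that ticketless path. A comment above the branch should state the trust assumption, for example `/* Peers whose certificate already verified against our CA may request a new one without a ticket; revoked certificates must be rejected before this handler runs. */`, and a log entry naming `origin.FromClient->GetIdentity()` whenever the ticket check is skipped would give operators an audit trail for renewals. Inside the branch, `ticket != realTicket` compares a value derived from the ticket salt with what is presumably an ordinary early-exit string comparison; a fixed-time comparison would be preferable if the codebase offers one. The handler starts before and continues after the hunk, so how the peer certificate is signed afterwards, and whether `FromClient` can be null here, cannot be checked from these lines.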