Preserve client certificate when TLS is indirectly enabled by a STS policy

Closes GH-4152.
This commit is contained in:
Val Lorentz 2022-02-13 14:26:45 +01:00
parent ba210e853b
commit 53b4d00732
2 changed files with 26 additions and 4 deletions

View File

@ -122,10 +122,6 @@ Network.prototype.validate = function (client) {
this.sasl = "";
}
if (!this.tls) {
ClientCertificate.remove(this.uuid);
}
if (Helper.config.lockNetwork) {
// This check is needed to prevent invalid user configurations
if (
@ -188,6 +184,10 @@ Network.prototype.validate = function (client) {
this.rejectUnauthorized = true;
}
if (!this.tls) {
ClientCertificate.remove(this.uuid);
}
return true;
};

View File

@ -223,6 +223,28 @@ describe("Network", function () {
ClientCertificate.remove(network.uuid);
Helper.config.public = true;
});
it("should remove client certs if there is a STS policy", function () {
Helper.config.public = false;
const client = {idMsg: 1, emit() {}, messageStorage: []};
STSPolicies.update("irc.example.com", 7000, 3600);
const network = new Network({host: "irc.example.com", sasl: "external"});
network.createIrcFramework(client);
expect(network.irc).to.not.be.null;
const client_cert = network.irc.options.client_certificate;
expect(client_cert).to.not.be.null;
expect(ClientCertificate.get(network.uuid)).to.deep.equal(client_cert);
expect(network.validate(client)).to.be.true;
expect(ClientCertificate.get(network.uuid)).to.deep.equal(client_cert); // Should be unchanged
ClientCertificate.remove(network.uuid);
Helper.config.public = true;
});
});
describe("#createIrcFramework(client)", function () {