When initiating the TLS connection use tls_server.

bareos · Feb 17, 2015 · 773aa2b · 773aa2b
1 parent 441f73f
commit 773aa2b
Showing 1 changed file with 11 additions and 5 deletions.
diff --git a/src/filed/authenticate.c b/src/filed/authenticate.c
@@ -332,13 +332,19 @@ static inline bool two_way_authenticate(BSOCK *bs, JCR *jcr, bool initiate, cons
        */
       if (initiate) {
          verify_list = me->tls_allowed_cns;
+         if (!bnet_tls_server(me->tls_ctx, bs, verify_list)) {
+            Jmsg(jcr, M_FATAL, 0, _("TLS negotiation failed.\n"));
+            auth_success = false;
+            goto auth_fatal;
+         }
+      } else {
+         if (!bnet_tls_client(me->tls_ctx, bs, verify_list)) {
+            Jmsg(jcr, M_FATAL, 0, _("TLS negotiation failed.\n"));
+            auth_success = false;
+            goto auth_fatal;
+         }
       }
 
-      if (!bnet_tls_client(me->tls_ctx, bs, verify_list)) {
-         Jmsg(jcr, M_FATAL, 0, _("TLS negotiation failed.\n"));
-         auth_success = false;
-         goto auth_fatal;
-      }
       if (me->tls_authenticate) {           /* tls authentication only? */
          bs->free_tls();                    /* yes, shutdown tls */
       }