Merge remote-tracking branch 'processone/pr/1914'

* processone/pr/1914:
  ejabberd_c2s: Fix priority of 'certfile' option

1 files changed, 13 insertions, 8 deletions

diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl
index 4b265d29d..a0be2e118 100644
--- a/src/ejabberd_c2s.erl
+++ b/src/ejabberd_c2s.erl
@@ -297,14 +297,19 @@ process_terminated(State, _Reason) ->
 %%%===================================================================
 %%% xmpp_stream_in callbacks
 %%%===================================================================
-tls_options(#{lserver := LServer, tls_options := DefaultOpts}) ->
-    TLSOpts1 = case ejabberd_config:get_option(
-		      {c2s_certfile, LServer},
-		      ejabberd_config:get_option(
-			{domain_certfile, LServer})) of
-		   undefined -> DefaultOpts;
-		   CertFile -> lists:keystore(certfile, 1, DefaultOpts,
-					      {certfile, CertFile})
+tls_options(#{lserver := LServer, tls_options := DefaultOpts,
+	      stream_encrypted := Encrypted}) ->
+    TLSOpts1 = case {Encrypted, proplists:get_value(certfile, DefaultOpts)} of
+		   {true, CertFile} when CertFile /= undefined -> DefaultOpts;
+		   {_, _} ->
+		       case ejabberd_config:get_option(
+			      {c2s_certfile, LServer},
+			      ejabberd_config:get_option(
+				{domain_certfile, LServer})) of
+			   undefined -> DefaultOpts;
+			   CertFile -> lists:keystore(certfile, 1, DefaultOpts,
+						      {certfile, CertFile})
+		       end
 	       end,
     TLSOpts2 = case ejabberd_config:get_option(
                       {c2s_ciphers, LServer}) of