Repair hosts check during certfiles validation

author: Evgeniy Khramtsov <ekhramtsov@process-one.net> 2017-12-28 21:36:57 +0300
committer: Evgeniy Khramtsov <ekhramtsov@process-one.net> 2017-12-28 21:36:57 +0300
commit: 240977a0da6720bd06be1679942774311afc39ae (patch)
tree: 49c1cafa4d55b032b1ab33ce3404d77db79bd0eb /src
parent: Return default certificate on domain mismatch (diff)
1 files changed, 12 insertions, 3 deletions
diff --git a/src/ejabberd_pkix.erl b/src/ejabberd_pkix.erl
index 87fa364bf..9d1e1a744 100644
--- a/src/ejabberd_pkix.erl
+++ b/src/ejabberd_pkix.erl
@@ -120,6 +120,15 @@ format_error(Why) ->
 
 -spec get_certfile(binary()) -> {ok, binary()} | error.
 get_certfile(Domain) ->
+    case get_certfile_no_default(Domain) of
+	{ok, Path} ->
+	    {ok, Path};
+	error ->
+	    get_default_certfile()
+    end.
+
+-spec get_certfile_no_default(binary()) -> {ok, binary()} | error.
+get_certfile_no_default(Domain) ->
     case ejabberd_idna:domain_utf8_to_ascii(Domain) of
 	false ->
 	    error;
@@ -132,10 +141,10 @@ get_certfile(Domain) ->
 				[{_, Path}|_] ->
 				    {ok, Path};
 				[] ->
-				    get_default_certfile()
+				    error
 			    end;
 			_ ->
-			    get_default_certfile()
+			    error
 		    end;
 		[{_, Path}|_] ->
 		    {ok, Path}
@@ -240,7 +249,7 @@ handle_call({add_certfile, Path}, _, State) ->
 handle_call({route_registered, Host}, _, State) ->
     case add_certfiles(Host, State) of
 	{ok, NewState} ->
-	    case get_certfile(Host) of
+	    case get_certfile_no_default(Host) of
 		{ok, _} -> ok;
 		error ->
 		    ?WARNING_MSG("No certificate found matching '~s': strictly "
author	Evgeniy Khramtsov <ekhramtsov@process-one.net>	2017-12-28 21:36:57 +0300
committer	Evgeniy Khramtsov <ekhramtsov@process-one.net>	2017-12-28 21:36:57 +0300
commit	240977a0da6720bd06be1679942774311afc39ae (patch)
tree	49c1cafa4d55b032b1ab33ce3404d77db79bd0eb /src
parent	Return default certificate on domain mismatch (diff)