From: Fabian Keil <fk@fabiankeil.de>
Date: Thu, 24 Sep 2020 09:14:36 +0000 (+0200)
Subject: chat(): Don't send the certificate error response if the certificate hasn't been... 
X-Git-Tag: v_3_0_29~83
X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff_plain;h=c7737d969bb640f8d13f14152e76cf3bc3850bc9

chat(): Don't send the certificate error response if the certificate hasn't been verified
---

diff --git a/jcc.c b/jcc.c
index 4119e4a5..b6c1c109 100644
--- a/jcc.c
+++ b/jcc.c
@@ -4118,10 +4118,12 @@ static void chat(struct client_state *csp)
       else
       {
          /*
-          * If server certificate is invalid, we must inform client and then
-          * close connection with client.
+          * If server certificate has been verified and is invalid,
+          * we must inform the client and then close the connection
+          * with client and server.
           */
-         if (csp->server_cert_verification_result != SSL_CERT_VALID)
+         if (csp->server_cert_verification_result != SSL_CERT_VALID &&
+             csp->server_cert_verification_result != SSL_CERT_NOT_VERIFIED)
          {
             ssl_send_certificate_error(csp);
             close_client_and_server_ssl_connections(csp);