From c7737d969bb640f8d13f14152e76cf3bc3850bc9 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Thu, 24 Sep 2020 11:14:36 +0200
Subject: [PATCH] chat(): Don't send the certificate error response if the
 certificate hasn't been verified

---
 jcc.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/jcc.c b/jcc.c
index 4119e4a5..b6c1c109 100644
--- a/jcc.c
+++ b/jcc.c
@@ -4118,10 +4118,12 @@ static void chat(struct client_state *csp)
       else
       {
          /*
-          * If server certificate is invalid, we must inform client and then
-          * close connection with client.
+          * If server certificate has been verified and is invalid,
+          * we must inform the client and then close the connection
+          * with client and server.
           */
-         if (csp->server_cert_verification_result != SSL_CERT_VALID)
+         if (csp->server_cert_verification_result != SSL_CERT_VALID &&
+             csp->server_cert_verification_result != SSL_CERT_NOT_VERIFIED)
          {
             ssl_send_certificate_error(csp);
             close_client_and_server_ssl_connections(csp);
-- 
2.49.0