From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Wed, 29 Nov 2017 23:22:34 +0000 (+0000)
Subject: TLS: avoid calling smtp_auth_acl on client cert when no tls authenticator is configured
X-Git-Tag: exim-4.90.0.22~20
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=2d9c1e31d619a61ca09b30a3abfe73ddfed67ce5;p=exim.git

TLS: avoid calling smtp_auth_acl on client cert when no tls authenticator is configured
---

diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 76c72de90..00e9d41a8 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -3849,24 +3849,24 @@ while (done <= 0)
      )
     {
     cmd_list[CMD_LIST_TLS_AUTH].is_mail_cmd = FALSE;
-    if (  acl_smtp_auth
-       && (rc = acl_check(ACL_WHERE_AUTH, NULL, acl_smtp_auth,
-		  &user_msg, &log_msg)) != OK
-       )
-      {
-      done = smtp_handle_acl_fail(ACL_WHERE_AUTH, rc, user_msg, log_msg);
-      continue;
-      }
 
     for (au = auths; au; au = au->next)
       if (strcmpic(US"tls", au->driver_name) == 0)
 	{
-	smtp_cmd_data = NULL;
-
-	if (smtp_in_auth(au, &s, &ss) == OK)
-	  { DEBUG(D_auth) debug_printf("tls auth succeeded\n"); }
+	if (  acl_smtp_auth
+	   && (rc = acl_check(ACL_WHERE_AUTH, NULL, acl_smtp_auth,
+		      &user_msg, &log_msg)) != OK
+	   )
+	  done = smtp_handle_acl_fail(ACL_WHERE_AUTH, rc, user_msg, log_msg);
 	else
-	  { DEBUG(D_auth) debug_printf("tls auth not succeeded\n"); }
+	  {
+	  smtp_cmd_data = NULL;
+
+	  if (smtp_in_auth(au, &s, &ss) == OK)
+	    { DEBUG(D_auth) debug_printf("tls auth succeeded\n"); }
+	  else
+	    { DEBUG(D_auth) debug_printf("tls auth not succeeded\n"); }
+	  }
 	break;
 	}
     }