From 2eb0c1eb999666fae548f33bb5f75aa19dd16645 Mon Sep 17 00:00:00 2001
From: Narayan Desai <desai@mcs.anl.gov>
Date: Wed, 6 May 2009 01:27:38 +0000
Subject: SSL: disable cert authentication if no CA is available

git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5195 ce84e21b-d406-0410-9b95-82705330c041
---
 src/lib/Server/XMLRPC.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/lib/Server/XMLRPC.py b/src/lib/Server/XMLRPC.py
index acc28517d..4e97271bc 100644
--- a/src/lib/Server/XMLRPC.py
+++ b/src/lib/Server/XMLRPC.py
@@ -31,6 +31,7 @@ class bcfg2_server(Component,
         Bcfg2.Server.Core.Core.__init__(self, setup['repo'], setup['plugins'], 
                                         setup['password'], 
                                         setup['encoding'], setup['filemonitor'])
+        self.ca = setup['ca']
         self.process_initial_fam_events()
 
     def process_initial_fam_events(self):
@@ -149,7 +150,12 @@ class bcfg2_server(Component,
         return "<ok/>"
 
     def authenticate(self, cert, user, password, address):
-        return self.metadata.AuthenticateConnection(cert, user, password, address)
+        if self.ca:
+            acert = cert
+        else:
+            # no ca, so no cert validation can be done
+            acert = None
+        return self.metadata.AuthenticateConnection(acert, user, password, address)
 
     @exposed
     def GetDecisionList(self, address, mode):
-- 
cgit v1.2.3-1-g7c22