From 8cef3ce42cd645a3ffb0e1eded52b8b77bb8caff Mon Sep 17 00:00:00 2001
From: Alexander Barton <alex@barton.de>
Date: Sat, 6 Jan 2024 19:57:50 +0100
Subject: [PATCH] S2S-TLS/GnuTLS: Fix handling of connections without peer
 certificates

---
 src/ngircd/conn-ssl.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c
index 7fb81839..ea0e3d1b 100644
--- a/src/ngircd/conn-ssl.c
+++ b/src/ngircd/conn-ssl.c
@@ -1000,16 +1000,15 @@ ConnSSL_LogCertInfo( CONNECTION * c, bool connect)
 	    gnutls_mac_get_name(gnutls_mac_get(sess)));
 	cred = gnutls_auth_get_type(c->ssl_state.gnutls_session);
 	if (cred == GNUTLS_CRD_CERTIFICATE) {
-		cert_seen = true;
-
 		gnutls_x509_crt_t cert;
 		unsigned cert_list_size;
 		const gnutls_datum_t *cert_list =
 		    gnutls_certificate_get_peers(sess, &cert_list_size);
-		if (!cert_list || cert_list_size == 0) {
-			Log(LOG_ERR, "No certificates found");
+
+		if (!cert_list || cert_list_size == 0)
 			goto done_cn_validation;
-		}
+
+		cert_seen = true;
 		int err = gnutls_x509_crt_init(&cert);
 		if (err < 0) {
 			Log(LOG_ERR,
-- 
2.39.2