Use rejectUnauthorized: conf.verifyTLSCertificate if no TLS is activated

Use rejectUnauthorized: conf.verifyTLSCertificate if no TLS is activated since ldaps could be used.
7 months ago · b0be7be05d
parent 38a46e68ea
commit b0be7be05d
1 changed files with 1 additions and 5 deletions
--- a/server/modules/authentication/ldap/authentication.js
+++ b/server/modules/authentication/ldap/authentication.js
@ -75,11 +75,7 @@ module.exports = {
 }

 function getTlsOptions(conf) {
-  if (!conf.tlsEnabled) {
-    return {}
-  }
-
-  if (!conf.tlsCertPath) {
+  if (!conf.tlsEnabled || !conf.tlsCertPath) {
    return {
      rejectUnauthorized: conf.verifyTLSCertificate
    }