From c5663dec45b0575f450d3a7864d5b98ca5b8d7ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20K=C3=A1cha?= <ph@cesnet.cz>
Date: Mon, 10 Jul 2017 15:48:18 +0200
Subject: [PATCH] Fix gravely wrong is_verified_by_apache (wrong code version)

---
 warden3/warden_server/warden_server.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/warden3/warden_server/warden_server.py b/warden3/warden_server/warden_server.py
index 90d1bd1..4c20d03 100755
--- a/warden3/warden_server/warden_server.py
+++ b/warden3/warden_server/warden_server.py
@@ -360,10 +360,11 @@ class X509Authenticator(PlainAuthenticator):
     def is_verified_by_apache(self, env, args):
         # Allows correct work while SSLVerifyClient both "optional" and "required"
         verify = env.get("SSL_CLIENT_VERIFY")
-        if verify != "SUCCESS":
-            exception = self.req.error(message="authenticate: certificate verification failed", error=403, args = args, ssl_client_verify=verify, cert=env.get("SSL_CLIENT_CERT"))
-            exception.log(self.log)
-            return None
+        if verify == "SUCCESS":
+            return True
+        exception = self.req.error(message="authenticate: certificate verification failed", error=403, args = args, ssl_client_verify=verify, cert=env.get("SSL_CLIENT_CERT"))
+        exception.log(self.log)
+        return False
 
 
     def authenticate(self, env, args):
-- 
GitLab