From c46157d5524c924d19936cebf27ccd0e7eedd99e Mon Sep 17 00:00:00 2001
From: "Alexander A. Klimov" <alexander.klimov@icinga.com>
Date: Tue, 19 Feb 2019 17:38:09 +0100
Subject: [PATCH] ApiListener: fix self-made security hole

---
 lib/remote/apilistener.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/remote/apilistener.cpp b/lib/remote/apilistener.cpp
index 691009a9f..235e6c573 100644
--- a/lib/remote/apilistener.cpp
+++ b/lib/remote/apilistener.cpp
@@ -531,13 +531,13 @@ void ApiListener::NewClientHandlerInternal(boost::asio::yield_context yc, const
 
 	sslConn.set_verify_mode(ssl::verify_peer | ssl::verify_client_once);
 
-	bool verify_ok = false;
+	bool verify_ok = true;
 	String verifyError;
 
 	sslConn.set_verify_callback([&verify_ok, &verifyError](bool preverified, ssl::verify_context& ctx) {
-		verify_ok = preverified;
-
 		if (!preverified) {
+			verify_ok = false;
+
 			std::ostringstream msgbuf;
 			int err = X509_STORE_CTX_get_error(ctx.native_handle());