From 7a6e5aa9584995e47d1f1180b0ff44b4f42c8a9f Mon Sep 17 00:00:00 2001
From: lidakaml <52534475+lidakaml@users.noreply.github.com>
Date: Tue, 7 Jun 2022 17:16:07 +0300
Subject: [PATCH] tls can be served without client cert

tls can be served if require_client_certs option is set to false in config file
---
 apps/epp_proxy/src/epp_tls_worker.erl | 30 +++++++++++++++++++--------
 1 file changed, 21 insertions(+), 9 deletions(-)

diff --git a/apps/epp_proxy/src/epp_tls_worker.erl b/apps/epp_proxy/src/epp_tls_worker.erl
index 1941251..4e22287 100644
--- a/apps/epp_proxy/src/epp_tls_worker.erl
+++ b/apps/epp_proxy/src/epp_tls_worker.erl
@@ -169,20 +169,32 @@ log_opened_connection(Ip) ->
 	       "~p.~n",
 	       [ReadableIp, self()]).
 
+require_client_certs() ->
+    case application:get_env(epp_proxy, require_client_certs) of
+        {ok, false} -> false;
+        {ok, true} -> true
+    end.
+
 %% Extract state info from socket. Fail if you must.
 state_from_socket(Socket, State) ->
-    {ok, PeerCert} = ssl:peercert(Socket),
     {ok, {PeerIp, _PeerPort}} = ssl:peername(Socket),
-    {SSL_CLIENT_S_DN_CN, SSL_CLIENT_CERT} =
-	epp_certs:headers_from_cert(PeerCert),
-    Headers = [{"SSL-CLIENT-CERT", SSL_CLIENT_CERT},
-	       {"SSL-CLIENT-S-DN-CN", SSL_CLIENT_S_DN_CN},
-	       {"User-Agent", <<"EPP proxy">>},
-	       {"X-Forwarded-for", epp_util:readable_ip(PeerIp)}],
+    PlainHeaders = [
+        {"User-Agent", <<"EPP proxy">>},
+        {"X-Forwarded-for", epp_util:readable_ip(PeerIp)}],
+    case {ssl:peercert(Socket), require_client_certs()} of
+        {{error, no_peercert}, false} -> Headers = PlainHeaders;
+        % {{error, no_peercert}, true} -> ; %% TODO: maybe send the reason of connection close
+        {{ok, PeerCert}, _} ->
+        {SSL_CLIENT_S_DN_CN, SSL_CLIENT_CERT} =
+        epp_certs:headers_from_cert(PeerCert),
+        Headers = lists:append(PlainHeaders, [
+            {"SSL-CLIENT-CERT", SSL_CLIENT_CERT},
+            {"SSL-CLIENT-S-DN-CN", SSL_CLIENT_S_DN_CN}])
+    end,
     NewState = State#state{socket = Socket,
-			   headers = Headers},
+        headers = Headers},
     lager:info("Established connection with: [~p]~n",
-	       [NewState]),
+        [NewState]),
     NewState.
 
 %% Get status, XML record, command and clTRID if defined.