# HG changeset patch
# User Vladimir Homutov <vl@nginx.com>
# Date 1484832007 -10800
# Node ID 1818acd8442f469c8ee4c0cbd8fb4708c1358a35
# Parent  0a08a8babf53a3ba1074587fcecdc32624eed2eb
Stream: client SSL certificates were not checked in some cases.

If ngx_stream_ssl_init_connection() succeeded immediately, the check was not
done.

The bug had appeared in 1.11.8 (41cb1b64561d).

diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -284,6 +284,7 @@ ngx_stream_ssl_handler(ngx_stream_sessio
 {
     long                    rc;
     X509                   *cert;
+    ngx_int_t               rv;
     ngx_connection_t       *c;
     ngx_stream_ssl_conf_t  *sslcf;
 
@@ -305,7 +306,11 @@ ngx_stream_ssl_handler(ngx_stream_sessio
             return NGX_ERROR;
         }
 
-        return ngx_stream_ssl_init_connection(&sslcf->ssl, c);
+        rv = ngx_stream_ssl_init_connection(&sslcf->ssl, c);
+
+        if (rv != NGX_OK) {
+            return rv;
+        }
     }
 
     if (sslcf->verify) {