# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1371151661 -7200
# Node ID b2a4679e7d20486489bd12e388ff072339150bee
# Parent  f853a1a3aa1561b0771037d8d948ef1834091daf
mod_auth_ccert: Accidentally not

diff -r f853a1a3aa15 -r b2a4679e7d20 mod_auth_ccert/mod_auth_ccert.lua
--- a/mod_auth_ccert/mod_auth_ccert.lua	Thu Jun 13 21:25:12 2013 +0200
+++ b/mod_auth_ccert/mod_auth_ccert.lua	Thu Jun 13 21:27:41 2013 +0200
@@ -13,7 +13,7 @@
 function get_sasl_handler(session)
 	return new_sasl(module.host, {
 		external = session.secure and function(authz)
-			if session.secure then
+			if not session.secure then
 				-- getpeercertificate() on a TCP connection would be bad, abort!
 				(session.log or log)("error", "How did you manage to select EXTERNAL without TLS?");
 				return nil, false;