www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-07 04:02:58 +03:00
Code Activity

the client cert X509_NAME_oneline() is only used if SSLFakeBasicAuth

Browse Source 
is happening.  so avoid calling that unless needed and just stash a
pointer to the client cert for the boolean checks that the client
provided a cert.
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92240 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Doug MacEachern
2001-11-29 07:07:36 +00:00
parent 398bb6bde9
commit d06327e27b
3 changed files with 17 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
modules/ssl/mod_ssl.c
View File

@@ -422,9 +422,8 @@ int ssl_hook_process_connection(SSLFilterRec *pRec)
* Remember the peer certificate's DN
*/
if ((xs = SSL_get_peer_certificate(pRec->pssl)) != NULL) {
char *cp = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0);
sslconn->client_dn = apr_pstrdup(c->pool, cp);
free(cp);
sslconn->client_cert = xs;
sslconn->client_dn = NULL;
}
/*
@@ -432,7 +431,7 @@ int ssl_hook_process_connection(SSLFilterRec *pRec)
* is required we really got one... (be paranoid)
*/
if (sc->nVerifyClient == SSL_CVERIFY_REQUIRE
&& sslconn->client_dn == NULL) {
&& sslconn->client_cert == NULL) {
ssl_log(c->base_server, SSL_LOG_ERROR,
"No acceptable peer certificate available");
return ssl_abort(pRec, c);