[mod_gnutls-devel] mgs_hook_authz() handling of return values from mgs_cert_verify()?
Ramkumar Chinchani
ramkumar.chinchani at gmail.com
Fri Mar 14 07:58:20 CET 2014

When GnuTLSClientVerify method is set to cartel or msva, mgs_cert_verify()
correctly returns HTTP_FORBIDDEN when verification fails.

However, when GnuTLSClientVerify is set to "require" at server-level and
not at directory-level, mgs_hook_authz() doesn't seem to honor the return
code properly for this case.

Kindly review the following patch.

diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index d068ebb..5bfc2b6 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -878,7 +878,8 @@ int mgs_hook_authz(request_rec * r) {
rv = mgs_cert_verify(r, ctxt);
if (rv != DECLINED &&
(rv != HTTP_FORBIDDEN ||
- dc->client_verify_mode == GNUTLS_CERT_REQUIRE)) {
+ dc->client_verify_mode == GNUTLS_CERT_REQUIRE ||
+ ctxt->sc->client_verify_mode == GNUTLS_CERT_REQUIRE)) {
return rv;
}
}
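
Review bot: In the added line `ctxt->sc->client_verify_mode == GNUTLS_CERT_REQUIRE`, the server-level mode is OR-ed in unconditionally, so it also applies when the directory sets a different mode explicitly, not only when the directory leaves the mode unset as the description says. If server-level "require" is meant to always win, state that precedence in a comment above the condition; if a per-directory setting is meant to override it, test the server-level mode only when the directory-level mode is unset. The condition now mixes three tests in one expression, so computing a single local flag for "verification is required" before the `if` would make the intended precedence explicit and easier to audit.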