[mod_gnutls-devel] `GnuTLSClientVerify` behavior incorrect?

Ramkumar Chinchani ramkumar.chinchani at gmail.com
Tue Feb 25 22:48:15 CET 2014


As per the current config model, it is possible that `GnuTLSClientVerify` is
defined in server or vhost but not under directory, in which case this is
probably what is desired?

Kindly review.


diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index d068ebb..335ae3f 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -849,7 +849,8 @@ int mgs_hook_authz(request_rec * r) {
         ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                 "GnuTLS: Directory set to Ignore Client Certificate!");
     } else {
-        if (ctxt->sc->client_verify_mode < dc->client_verify_mode) {
+        if (dc->client_verify_mode >= 0 &&
+             ctxt->sc->client_verify_mode < dc->client_verify_mode) {
             ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                     "GnuTLS: Attempting to rehandshake with peer. %d %d",
                     ctxt->sc->client_verify_mode,
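
Review bot: The added guard `dc->client_verify_mode >= 0` in the `else` branch relies on a negative value meaning "not set at directory level", but nothing in the hunk says so; add a short comment or compare against a named constant so the sentinel is explicit. Please also state in the commit message which case this changes: if both fields are signed and the server/vhost value is never negative, `ctxt->sc->client_verify_mode < dc->client_verify_mode` is already false whenever the directory value is negative, so the new test only matters when the server value can itself be unset or the comparison is unsigned. Because the rehandshake is now skipped for an unset directory value, confirm that the code following this block still enforces the server or vhost `GnuTLSClientVerify` setting for the request rather than treating it as no requirement. Minor: the continuation line is indented one column past the first operand of the condition.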