mod_ssl: Fix a problem setting variables that represent the

client certificate chain.

PR:  21371

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100605 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index b87d545cbe2d69f7f01b2e731a65c5b3cc72ff9b..0fca3dbe071600b96b799f8a23785bad141633a8 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@ Changes with Apache 2.1.0-dev
 
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) mod_ssl: Fix a problem setting variables that represent the
+     client certificate chain.  PR 21397  [Jeff Trawick]
+
   *) Remember an authenticated user during internal redirects if the
      redirection target is not access protected and pass it
      to scripts using the REDIRECT_REMOTE_USER environment variable.

diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index dc63a31640f3ae2abc40190817d9f5f53740d6b8..eeb331c0f2295956371857d5896ff8dce5d05f77 100644 (file)
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -290,7 +290,7 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var)
     }
     else if (ssl != NULL && strlen(var) > 18 && strcEQn(var, "CLIENT_CERT_CHAIN_", 18)) {
         sk = SSL_get_peer_cert_chain(ssl);
-        result = ssl_var_lookup_ssl_cert_chain(p, sk, var+17);
+        result = ssl_var_lookup_ssl_cert_chain(p, sk, var+18);
     }
     else if (ssl != NULL && strcEQ(var, "CLIENT_VERIFY")) {
         result = ssl_var_lookup_ssl_cert_verify(p, c);