/*
* Predefine some client verification results
*/
- apr_table_setn(c->notes, "ssl::client::dn", NULL);
apr_table_setn(c->notes, "ssl::verify::error", NULL);
apr_table_setn(c->notes, "ssl::verify::info", NULL);
SSL_set_verify_result(ssl, X509_V_OK);
X509 *xs;
char *cp = NULL;
conn_rec *c = (conn_rec*)SSL_get_app_data (pRec->pssl);
+ SSLConnRec *sslconn = myConnConfig(c);
SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
long verify_result;
*/
if ((xs = SSL_get_peer_certificate(pRec->pssl)) != NULL) {
cp = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0);
- apr_table_setn(c->notes,"ssl::client::dn",apr_pstrdup(c->pool, cp));
+ sslconn->client_dn = apr_pstrdup(c->pool, cp);
free(cp);
}
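Review bot: `sslconn->client_dn` is assigned only inside this `if`, and the commit removes the old `apr_table_setn(c->notes, "ssl::client::dn", NULL)` predefine without a visible replacement. The `SSL_CVERIFY_REQUIRE` check in the next hunk therefore relies on the field already being NULL when no certificate was presented. Unless `SSLConnRec` is known to be allocated zeroed (its allocation is not shown here), add `sslconn->client_dn = NULL;` before the `SSL_get_peer_certificate` call. The later hunk that repeats this pattern with `r->connection->pool` has the same gap: a DN recorded by an earlier handshake would survive a handshake that yields no certificate, so an `else sslconn->client_dn = NULL;` there is worth considering. Both function bodies continue outside their hunks.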
* is required we really got one... (be paranoid)
*/
if (sc->nVerifyClient == SSL_CVERIFY_REQUIRE
- && apr_table_get(c->notes, "ssl::client::dn") == NULL) {
+ && sslconn->client_dn == NULL) {
ssl_log(c->base_server, SSL_LOG_ERROR,
"No acceptable peer certificate available");
return ssl_abort(pRec, c);
SSL *ssl;
char *cpType;
conn_rec *conn;
-
+ SSLConnRec *sslconn;
+
ssl = filter->pssl;
conn = (conn_rec *)SSL_get_app_data(ssl);
if (ssl == NULL)
return APR_SUCCESS;
+ sslconn = myConnConfig(conn);
+
/*
* Now close the SSL layer of the connection. We've to take
* the TLSv1 standard into account here:
*/
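Review bot: The `if (ssl == NULL)` guard comes one line after `SSL_get_app_data(ssl)` has already been called on that pointer, so it cannot protect that call. The added `sslconn = myConnConfig(conn);` then uses `conn` with no check of its own; `myConnConfig` is not shown, but it presumably dereferences its argument. Move the lookup below the guard, i.e. `if (ssl == NULL) return APR_SUCCESS;` followed by `conn = (conn_rec *)SSL_get_app_data(ssl);`, and return early if `conn` is NULL before calling `myConnConfig`. The verification-callback hunk further down also passes the result of `SSL_get_app_data(ssl)` straight to `myConnConfig(conn)` and would benefit from the same check. The function starts and ends outside this hunk.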
if ((cert = SSL_get_peer_certificate(ssl)) != NULL) {
cp = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
- apr_table_setn(r->connection->notes, "ssl::client::dn",
- apr_pstrdup(r->connection->pool, cp));
+ sslconn->client_dn = apr_pstrdup(r->connection->pool, cp);
free(cp);
}
return DECLINED;
if (r->user)
return DECLINED;
- if ((clientdn = (char *)apr_table_get(r->connection->notes, "ssl::client::dn")) == NULL)
+ if ((clientdn = (char *)sslconn->client_dn) == NULL)
return DECLINED;
/*
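Review bot: `sslconn` is dereferenced in the new condition, but no declaration or assignment for it appears in the visible hunks of this function. Confirm that something like `sslconn = myConnConfig(r->connection);` runs before this line, since the old code needed only `r->connection->notes`. The `(char *)` cast was there to drop the `const` from `apr_table_get`'s return value; if `client_dn` is declared as `char *` (its declaration is not shown), the condition can be written `if ((clientdn = sslconn->client_dn) == NULL)`. The function body continues outside the hunk.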
request_rec *r;
SSLSrvConfigRec *sc;
SSLDirConfigRec *dc;
+ SSLConnRec *sslconn;
apr_table_t *actx;
X509 *xs;
int errnum;
*/
ssl = (SSL *)X509_STORE_CTX_get_app_data(ctx);
conn = (conn_rec *)SSL_get_app_data(ssl);
+ sslconn = myConnConfig(conn);
actx = (apr_table_t *)SSL_get_app_data2(ssl);
r = (request_rec *)apr_table_get(actx, "ssl::request_rec");
s = conn->base_server;
if (!ok) {
ssl_log(s, SSL_LOG_ERROR, "Certificate Verification: Error (%d): %s",
errnum, X509_verify_cert_error_string(errnum));
- apr_table_setn(conn->notes, "ssl::client::dn", NULL);
+ sslconn->client_dn = NULL;
apr_table_setn(conn->notes, "ssl::verify::error",
(void *)X509_verify_cert_error_string(errnum));
}