* Remember the peer certificate's DN
*/
if ((xs = SSL_get_peer_certificate(pRec->pssl)) != NULL) {
- char *cp = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0);
- sslconn->client_dn = apr_pstrdup(c->pool, cp);
- free(cp);
+ sslconn->client_cert = xs;
+ sslconn->client_dn = NULL;
}
/*
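Review bot: Storing `xs` in `sslconn->client_cert` keeps the reference that SSL_get_peer_certificate() returns, and that reference has to be released with X509_free(); nothing visible in this change does so. The same applies where the renegotiation path overwrites the field with `cert` and where the verify callback sets it to NULL, since both drop a pointer that may still hold a reference. I would release it in a cleanup tied to the connection pool (or in existing connection teardown, if there is one outside this diff) and document ownership at the assignment, e.g. `/* sslconn owns this X509 reference; released with X509_free() at connection cleanup */`. The enclosing function begins and ends outside the hunk.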
* is required we really got one... (be paranoid)
*/
if (sc->nVerifyClient == SSL_CVERIFY_REQUIRE
- && sslconn->client_dn == NULL) {
+ && sslconn->client_cert == NULL) {
ssl_log(c->base_server, SSL_LOG_ERROR,
"No acceptable peer certificate available");
return ssl_abort(pRec, c);
* Remember the peer certificate's DN
*/
if ((cert = SSL_get_peer_certificate(ssl)) != NULL) {
- cp = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
- sslconn->client_dn = apr_pstrdup(r->connection->pool, cp);
- free(cp);
+ sslconn->client_cert = cert;
+ sslconn->client_dn = NULL;
}
/*
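Review bot: The `if` has no `else`, so when renegotiation yields no peer certificate, `sslconn->client_cert` and any cached `client_dn` keep the values from the earlier handshake. Later consumers, such as the lazy DN lookup in the auth hook, would then act on an identity the current session may no longer back, unless code outside this hunk rejects that case. Consider resetting the stale state on that path, after releasing any previously stored reference with X509_free(): `else { sslconn->client_cert = NULL; sslconn->client_dn = NULL; }`. The surrounding function is not fully visible here.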
return DECLINED;
if (r->user)
return DECLINED;
- if ((clientdn = (char *)sslconn->client_dn) == NULL)
+ if (sslconn->client_cert == NULL)
return DECLINED;
+ if (!sslconn->client_dn) {
+ X509_NAME *name = X509_get_subject_name(sslconn->client_cert);
+ char *cp = X509_NAME_oneline(name, NULL, 0);
+ sslconn->client_dn = apr_pstrdup(r->connection->pool, cp);
+ free(cp);
+ }
+
+ clientdn = (char *)sslconn->client_dn;
+
/*
* Fake a password - which one would be immaterial, as, it seems, an empty
* password in the users file would match ALL incoming passwords, if only
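Review bot: The lazy lookup loses the NULL check the old code had. X509_NAME_oneline() can return NULL on allocation failure, in which case `client_dn` stays NULL and `clientdn` is carried into the fake-password code below instead of the hook returning DECLINED. Add `if (sslconn->client_dn == NULL) return DECLINED;` right after the block, before `clientdn` is assigned. The buffer also comes from OpenSSL's allocator, so `OPENSSL_free(cp)` is the matching release rather than `free(cp)`. The function continues outside the hunk.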
if (!ok) {
ssl_log(s, SSL_LOG_ERROR, "Certificate Verification: Error (%d): %s",
errnum, X509_verify_cert_error_string(errnum));
- sslconn->client_dn = NULL;
+ sslconn->client_cert = sslconn->client_dn = NULL;
sslconn->verify_error =
X509_verify_cert_error_string(errnum);
}
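Review bot: The chained assignment `sslconn->client_cert = sslconn->client_dn = NULL;` gives `client_cert` the value of the `client_dn` assignment expression, not a plain NULL. If the two fields have different pointer types, as the X509 assignment and the `(char *)` cast elsewhere in this change suggest, that is an incompatible-pointer conversion the compiler will warn about. Two separate statements avoid it and read more clearly: `sslconn->client_cert = NULL;` and `sslconn->client_dn = NULL;`. The block sits inside a function whose start and end are outside the hunk.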