From: David Reid Date: Sat, 5 Feb 2005 14:20:26 +0000 (+0000) Subject: Change where we set r->user if we're setting it from a X-Git-Tag: 2.1.3~60 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=98d1aa261a313f0d8f1693f7b8565063ba59ab82;p=apache Change where we set r->user if we're setting it from a client certificate. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@151493 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index efa7230b17..1fe1b3b0cb 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -799,6 +799,20 @@ int ssl_hook_Access(request_rec *r) } } + /* If we're trying to have the user name set from a client + * certificate then we need to set it here. This should be safe as + * the user name probably isn't important from an auth checking point + * of view as the certificate supplied acts in that capacity. + * However, if FakeAuth is being used then this isn't the case so + * we need to postpone setting the username until later. + */ + if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) { + char *val = ssl_var_lookup(r->pool, r->server, r->connection, + r, (char *)dc->szUserName); + if (val && val[0]) + r->user = val; + } + /* * Else access is granted from our point of view (except vendor * handlers override). But we have to return DECLINED here instead @@ -1042,17 +1056,6 @@ int ssl_hook_Fixup(request_rec *r) return DECLINED; } - /* - * Set r->user if requested - */ - if (dc->szUserName) { - val = ssl_var_lookup(r->pool, r->server, r->connection, - r, (char *)dc->szUserName); - if (val && val[0]) { - r->user = val; - } - } - /* * Annotate the SSI/CGI environment with standard SSL information */