
Feature #1288 » lighty-clientvalidation-serialenv.patch

Patch to set serial number of the client certificate into environment -- laurent.corbes - Anonymous, 2008-05-21 15:18


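--- a/lighttpd-1.4.19/src/response.c
+++ b/lighttpd-1.4.19/src/response.c
@@ -124,6 +124,8 @@
 	X509 *xs;
 	X509_NAME *xn;
 	X509_NAME_ENTRY *xe;
+	ASN1_INTEGER *xsn;
+
 	if (
 		SSL_get_verify_result(con->ssl) != X509_V_OK
 		|| !(xs = SSL_get_peer_certificate(con->ssl))
@@ -160,6 +162,36 @@
 		}
 		array_insert_unique(con->environment, (data_unset *)envds);
 	}
+
+/* Also got serial of the certificate */
+	xsn = X509_get_serialNumber(xs);
+	if (xsn)
+	{
+		data_string *envds;
+
+		char * serialHex;
+		BIGNUM *serialBN = NULL;
+
+
+		serialBN = ASN1_INTEGER_to_BN(xsn,NULL);
+		serialHex = BN_bn2hex(serialBN);
+
+                if (NULL == (envds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) {
+                        envds = data_string_init();
+                }
+
+		buffer_copy_string_len(envds->key, CONST_STR_LEN("SSL_CLIENT_M_SERIAL"));
+                buffer_copy_string(
+                        envds->value,
+                        serialHex
+                );
+                if (buffer_is_equal(con->conf.ssl_verifyclient_username, envds->key)) {
+                        buffer_copy_string_buffer(con->authed_user, envds->value);
+                }
+                array_insert_unique(con->environment, (data_unset *)envds);
+	}
+
+
 	X509_free(xs);
 }
 #endif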
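Review bot: The `ASN1_INTEGER_to_BN()` and `BN_bn2hex()` results at new lines 176-177 are neither checked nor released, so every request that presents a verified client certificate leaks a BIGNUM and a hex string, and a failed conversion would pass NULL on to `BN_bn2hex()` and `buffer_copy_string()`. Since the remote peer drives this path, the leak is a slow memory-exhaustion risk; free `serialBN` with `BN_free()` and `serialHex` with `OPENSSL_free()`, and skip the environment entry when either conversion fails, as in the excerpt below. Separately, a certificate serial number is unique only within one issuer, so when `ssl_verifyclient_username` selects `SSL_CLIENT_M_SERIAL` and more than one CA is trusted, `authed_user` may not identify a single client; that limitation deserves a comment or a documentation note. The enclosing function starts outside the hunk, so how `xs` is handled on the elided lines cannot be confirmed from here.

```c
		serialBN = ASN1_INTEGER_to_BN(xsn, NULL);
		serialHex = serialBN ? BN_bn2hex(serialBN) : NULL;
		BN_free(serialBN); /* the hex copy is independent of the BIGNUM */

		if (serialHex) {
			/* … unchanged: envds lookup, SSL_CLIENT_M_SERIAL key/value copy, authed_user, array_insert_unique … */
			OPENSSL_free(serialHex);
		}
```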