lighty-clientvalidation-serialenv.patch - Lighttpd - lighty labs

Feature #1288 » lighty-clientvalidation-serialenv.patch

Patch to set serial number of the client certificate into environment -- laurent.corbes - Anonymous, 2008-05-21 15:18

     	X509 *xs;
     	X509_NAME *xn;
     	X509_NAME_ENTRY *xe;
     	ASN1_INTEGER *xsn;
     	if (
     		SSL_get_verify_result(con->ssl) != X509_V_OK
     		|| !(xs = SSL_get_peer_certificate(con->ssl))
-...
+    		}
     		array_insert_unique(con->environment, (data_unset *)envds);
+    	}
     /* Also got serial of the certificate */
     	xsn = X509_get_serialNumber(xs);
     	if (xsn)
+    	{
     		data_string *envds;
     		char * serialHex;
     		BIGNUM *serialBN = NULL;
     		serialBN = ASN1_INTEGER_to_BN(xsn,NULL);
     		serialHex = BN_bn2hex(serialBN);
                     if (NULL == (envds = (data_string *)array_get_unused_element(con->environment, TYPE_STRING))) {
                             envds = data_string_init();
+                    }
     		buffer_copy_string_len(envds->key, CONST_STR_LEN("SSL_CLIENT_M_SERIAL"));
                     buffer_copy_string(
                             envds->value,
                             serialHex
                     );
                     if (buffer_is_equal(con->conf.ssl_verifyclient_username, envds->key)) {
                             buffer_copy_string_buffer(con->authed_user, envds->value);
+                    }
                     array_insert_unique(con->environment, (data_unset *)envds);
+    	}
     	X509_free(xs);
+    }
     #endif

(6-6/12)