pool/apache2-mod_nss
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
530af8399e
apache2-mod_nss/mod_nss-clientauth.patch
Wolfgang Rosenauer 4b69663a7b Accepting request 186032 from home:msmeissn:branches:mozilla:Factory 
- mod_nss-tlsv1_1.patch: nss.conf.in missed for TLSv1.2 default.
- mod_nss-clientauth.patch: merged from RHEL6 pkg
- mod_nss-PK11_ListCerts_2.patch: merged from RHEL6 pkg
- mod_nss-no_shutdown_if_not_init_2.patch: merged from RHEL6 pkg
- mod_nss-sslmultiproxy.patch: merged from RHEL6 pkg
- make it build on both Apache2 2.4 and 2.2 systems

OBS-URL: https://build.opensuse.org/request/show/186032
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/apache2-mod_nss?expand=0&rev=6
2013-08-06 09:34:39 +00:00

51 lines
1.8 KiB
Diff
Raw Blame History

The first fix is to retrieve the full certificate subject instead of just the
CN for FakeBasicAuth and prefix it with / to be compatible with OpenSSL.
The second always attempts to retrieve the client certificate in
nss_hook_ReadReq().
https://bugzilla.redhat.com/show_bug.cgi?id=702437
--- mod_nss-1.0.8.orig/nss_engine_io.c 2011-05-10 15:45:49.000000000 -0400
+++ mod_nss-1.0.8.orig/nss_engine_io.c 2011-05-11 15:21:30.000000000 -0400
@@ -1364,13 +1364,9 @@ nss_AuthCertificate(void *arg, PRFileDes
status = SSL_AuthCertificate(arg, socket, checksig, isServer);
- if (status == SECSuccess) {
- conn_rec *c = filter_ctx->c;
- SSLConnRec *sslconn = myConnConfig(c);
-
- sslconn->client_cert = SSL_PeerCertificate(socket);
- sslconn->client_dn = NULL;
- }
+ /* The certificate is copied to sslconn->client_cert in
+ * nss_hook_ReadReq()
+ */
return status;
}
--- mod_nss-1.0.8.orig/nss_engine_kernel.c 2007-05-31 17:36:03.000000000 -0400
+++ mod_nss-1.0.8.orig/nss_engine_kernel.c 2011-05-11 15:30:38.000000000 -0400
@@ -84,6 +84,11 @@ int nss_hook_ReadReq(request_rec *r)
nss_util_vhostid(r->pool, r->server));
}
+ if (sslconn->client_cert != NULL)
+ CERT_DestroyCertificate(sslconn->client_cert);
+ sslconn->client_cert = SSL_PeerCertificate(ssl);
+ sslconn->client_dn = NULL;
+
return DECLINED;
}
@@ -626,8 +631,8 @@ int nss_hook_UserCheck(request_rec *r)
}
if (!sslconn->client_dn) {
- char * cp = CERT_GetCommonName(&sslconn->client_cert->subject);
- sslconn->client_dn = apr_pstrdup(r->connection->pool, cp);
+ char * cp = CERT_NameToAscii(&sslconn->client_cert->subject);
+ sslconn->client_dn = apr_pstrcat(r->connection->pool, "/", cp, NULL);
PORT_Free(cp);
}
Reference in New Issue View Git Blame Copy Permalink