MCPcopy Create free account
hub / github.com/apache/httpd / ssl_check_post_client_verify

Function ssl_check_post_client_verify

modules/ssl/ssl_engine_kernel.c:311–355  ·  view source on GitHub ↗

Source from the content-addressed store, hash-verified

309}
310
311static int ssl_check_post_client_verify(request_rec *r, SSLSrvConfigRec *sc,
312 SSLDirConfigRec *dc, SSLConnRec *sslconn,
313 SSL *ssl)
314{
315 X509 *cert;
316
317 /*
318 * Remember the peer certificate's DN
319 */
320 if ((cert = SSL_get_peer_certificate(ssl))) {
321 if (sslconn->client_cert) {
322 X509_free(sslconn->client_cert);
323 }
324 sslconn->client_cert = cert;
325 sslconn->client_dn = NULL;
326 }
327
328 /*
329 * Finally check for acceptable renegotiation results
330 */
331 if ((dc->nVerifyClient != SSL_CVERIFY_NONE) ||
332 (sc->server->auth.verify_mode != SSL_CVERIFY_NONE)) {
333 BOOL do_verify = ((dc->nVerifyClient == SSL_CVERIFY_REQUIRE) ||
334 (sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE));
335
336 if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) {
337 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02262)
338 "Re-negotiation handshake failed: "
339 "Client verification failed");
340
341 return HTTP_FORBIDDEN;
342 }
343
344 if (do_verify) {
345 if (cert == NULL) {
346 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02263)
347 "Re-negotiation handshake failed: "
348 "Client certificate missing");
349
350 return HTTP_FORBIDDEN;
351 }
352 }
353 }
354 return OK;
355}
356
357/*
358 * Access Handler, classic flavour, for SSL/TLS up to v1.2

Callers 2

ssl_hook_Access_classicFunction · 0.85
ssl_hook_Access_modernFunction · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected