Applied patch by AlainKnaff to correctly verify certificates per directory. Patch by AlainKnaff.

Solves: http://issues.outoforder.cc/view.php?id=93
author: Nokis Mavrogiannopoulos 2009-06-30 18:37:28 +0000
committer: Nokis Mavrogiannopoulos 2009-06-30 18:37:28 +0000
commit: 45cbd99483fd410efd98bdf511f5669e5711a5d2 (patch)
tree: cacd12a09da872c30ac3c2fef5300e37da18453a /src
parent: d07dc84dcdef333265ea6a349321507cda1dc7cb (diff)
1 files changed, 8 insertions, 6 deletions
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index 82a9a99..d761b56 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -123,7 +123,7 @@ static int mgs_select_virtual_server_cb(gnutls_session_t session)
        ctxt->sc = tsc;
    gnutls_certificate_server_set_request(session,
-                                          ctxt->sc->client_verify_mode);
+                                              ctxt->sc->client_verify_mode);
    /* set the new server credentials 
     */
@@ -819,11 +819,13 @@ int mgs_hook_authz(request_rec * r)
            ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
                          "GnuTLS: Peer is set to IGNORE");
 #endif
-        } else {
+            return DECLINED;
-            rv = mgs_cert_verify(r, ctxt);
+        }
-            if (rv != DECLINED) {
+        rv = mgs_cert_verify(r, ctxt);
-                return rv;
+        if (rv != DECLINED &&
-            }
+            (rv != HTTP_FORBIDDEN ||
+             dc->client_verify_mode == GNUTLS_CERT_REQUIRE)) {
+            return rv;
        }
    }
author	Nokis Mavrogiannopoulos	2009-06-30 18:37:28 +0000
committer	Nokis Mavrogiannopoulos	2009-06-30 18:37:28 +0000
commit	45cbd99483fd410efd98bdf511f5669e5711a5d2 (patch)
tree	cacd12a09da872c30ac3c2fef5300e37da18453a /src
parent	d07dc84dcdef333265ea6a349321507cda1dc7cb (diff)