From 1c90c184b5bc87f18a0a2c09af4e1a38c6abd179 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Tue, 30 Jun 2009 18:37:28 +0000
Subject: Applied patch by AlainKnaff to correctly verify certificates per directory. Patch by AlainKnaff.

Solves: http://issues.outoforder.cc/view.php?id=93

---
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index 82a9a99..d761b56 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -123,7 +123,7 @@ static int mgs_select_virtual_server_cb(gnutls_session_t session)
 	ctxt->sc = tsc;
 
     gnutls_certificate_server_set_request(session,
-					  ctxt->sc->client_verify_mode);
+					      ctxt->sc->client_verify_mode);
 
     /* set the new server credentials 
      */
@@ -819,11 +819,13 @@ int mgs_hook_authz(request_rec * r)
 	    ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
 			  "GnuTLS: Peer is set to IGNORE");
 #endif
-	} else {
-	    rv = mgs_cert_verify(r, ctxt);
-	    if (rv != DECLINED) {
-		return rv;
-	    }
+	    return DECLINED;
+	}
+	rv = mgs_cert_verify(r, ctxt);
+	if (rv != DECLINED &&
+	    (rv != HTTP_FORBIDDEN ||
+	     dc->client_verify_mode == GNUTLS_CERT_REQUIRE)) {
+	    return rv;
 	}
     }
 
--
cgit v0.9.2