From c38a4e93e8f815dfd900f0b7058de5f183a34d1a Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Tue, 30 Jun 2009 18:42:11 +0000
Subject: Avoid requesting certificate from client when we already have it. Patch by AlainKnaff.

---
(limited to 'src')

diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index d761b56..ea59bbf 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -808,6 +808,12 @@ int mgs_hook_authz(request_rec * r)
 			  ctxt->sc->client_verify_mode,
 			  dc->client_verify_mode);
 
+            /* If we already have a client certificate, there's no point in
+             * re-handshaking... */
+            rv = mgs_cert_verify(r, ctxt);
+            if (rv != DECLINED && rv != HTTP_FORBIDDEN)
+                return rv;
+
 	    gnutls_certificate_server_set_request(ctxt->session,
 						  dc->client_verify_mode);
 
--
cgit v0.9.2