From 1c90c184b5bc87f18a0a2c09af4e1a38c6abd179 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Tue, 30 Jun 2009 18:37:28 +0000
Subject: Applied patch by AlainKnaff to correctly verify certificates per directory. Patch by AlainKnaff. Solves: http://issues.outoforder.cc/view.php?id=93
---
 src/gnutls_hooks.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
(limited to 'src')
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index 82a9a99..d761b56 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -123,7 +123,7 @@ static int mgs_select_virtual_server_cb(gnutls_session_t session)
 ctxt->sc = tsc;
 gnutls_certificate_server_set_request(session,
- ctxt->sc->client_verify_mode);
+ ctxt->sc->client_verify_mode);
 /* set the new server credentials */
@@ -819,11 +819,13 @@ int mgs_hook_authz(request_rec * r)
 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "GnuTLS: Peer is set to IGNORE");
 #endif
- } else {
- rv = mgs_cert_verify(r, ctxt);
- if (rv != DECLINED) {
- return rv;
- }
+ return DECLINED;
+ }
+ rv = mgs_cert_verify(r, ctxt);
+ if (rv != DECLINED &&
+ (rv != HTTP_FORBIDDEN ||
+ dc->client_verify_mode == GNUTLS_CERT_REQUIRE)) {
+ return rv;
 }
 }
-- cgit
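Review bot: In the second hunk of src/gnutls_hooks.c (mgs_hook_authz), an HTTP_FORBIDDEN result from mgs_cert_verify() is now dropped without any trace whenever dc->client_verify_mode is not GNUTLS_CERT_REQUIRE, so a request that presented a certificate which failed verification looks the same as one that presented none. The hunk does not show what mgs_cert_verify() reports before returning, so if it does not log on its own, I would log the suppressed failure before falling through, e.g. `ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "GnuTLS: client certificate not verified, continuing (verify mode is not REQUIRE)");`. The test is also written as "anything but REQUIRE is permissive"; a short comment such as `/* HTTP_FORBIDDEN is fatal only when this directory requires a client certificate */` would make that fail-open choice explicit to anyone who later relies on the client-certificate environment for access control. The function body begins and ends outside the hunk, so the condition guarding the new early `return DECLINED;` cannot be checked from here.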