From c38a4e93e8f815dfd900f0b7058de5f183a34d1a Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Tue, 30 Jun 2009 18:42:11 +0000 Subject: Avoid requesting certificate from client when we already have it. Patch by AlainKnaff. --- src/gnutls_hooks.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src') diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c index d761b56..ea59bbf 100644 --- a/src/gnutls_hooks.c +++ b/src/gnutls_hooks.c @@ -808,6 +808,12 @@ int mgs_hook_authz(request_rec * r) ctxt->sc->client_verify_mode, dc->client_verify_mode); + /* If we already have a client certificate, there's no point in + * re-handshaking... */ + rv = mgs_cert_verify(r, ctxt); + if (rv != DECLINED && rv != HTTP_FORBIDDEN) + return rv; + gnutls_certificate_server_set_request(ctxt->session, dc->client_verify_mode); -- cgit