Posted to cvs@httpd.apache.org by st...@apache.org on 2003/08/07 03:53:11 UTC
cvs commit: httpd-2.0/modules/ssl ssl_engine_kernel.c
striker 2003/08/06 18:53:11
Modified: modules/ssl ssl_engine_kernel.c
Log:
Fix FakeBasicAuth for subrequests. This was reported via issue
#1364 in Subversion:
http://subversion.tigris.org/issues/show_bug.cgi?id=1364
The fix is to make mod_ssl's check_user_id hook stop tripping
over its own checks in case of a subrequest. That is, it
should DECLINE in case of a subrequest.
Revision Changes Path
1.97 +8 -0 httpd-2.0/modules/ssl/ssl_engine_kernel.c
Index: ssl_engine_kernel.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -r1.96 -r1.97
--- ssl_engine_kernel.c 21 Jul 2003 12:02:39 -0000 1.96
+++ ssl_engine_kernel.c 7 Aug 2003 01:53:11 -0000 1.97
@@ -856,6 +856,14 @@
}
/*
+ * We decline when we are in a subrequest. The Authorization header
+ * would already be present if it was added in the main request.
+ */
+ if (!ap_is_initial_req(r)) {
+ return DECLINED;
+ }
+
+ /*
* Make sure the user is not able to fake the client certificate
* based authentication by just entering an X.509 Subject DN
* ("/XX=YYY/XX=YYY/..") as the username and "password" as the
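Review bot: The early `return DECLINED` for `!ap_is_initial_req(r)` sits above the "Make sure the user is not able to fake the client certificate based authentication" check, so that check no longer runs for any non-initial request, and the new comment does not say so. The comment justifies the decline only by the Authorization header having been added in the main request; it should also state that skipping the spoofing check is intended and relies on the main request having already passed through this hook. Since `ap_is_initial_req()` is also false for internal redirects, not only for subrequests, the wording "in a subrequest" is narrower than the condition; either say "not the initial request" in the comment or test `r->main` if only subrequests are meant.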