You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2005/02/10 19:28:46 UTC
svn commit: r153280 - httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
Author: jorton
Date: Thu Feb 10 10:28:43 2005
New Revision: 153280
URL: http://svn.apache.org/viewcvs?view=rev&rev=153280
Log:
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Move the
SSLUsername-controlled assignment of r->user above the SSLRequire
checks so that the "username" gets logged if SSLRequire denies access.
Modified:
httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?view=diff&r1=153279&r2=153280
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Thu Feb 10 10:28:43 2005
@@ -751,6 +751,20 @@
}
}
+ /* If we're trying to have the user name set from a client
+ * certificate then we need to set it here. This should be safe as
+ * the user name probably isn't important from an auth checking point
+ * of view as the certificate supplied acts in that capacity.
+ * However, if FakeAuth is being used then this isn't the case so
+ * we need to postpone setting the username until later.
+ */
+ if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) {
+ char *val = ssl_var_lookup(r->pool, r->server, r->connection,
+ r, (char *)dc->szUserName);
+ if (val && val[0])
+ r->user = val;
+ }
+
/*
* Check SSLRequire boolean expressions
*/
@@ -798,20 +812,6 @@
return HTTP_FORBIDDEN;
}
}
-
- /* If we're trying to have the user name set from a client
- * certificate then we need to set it here. This should be safe as
- * the user name probably isn't important from an auth checking point
- * of view as the certificate supplied acts in that capacity.
- * However, if FakeAuth is being used then this isn't the case so
- * we need to postpone setting the username until later.
- */
- if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) {
- char *val = ssl_var_lookup(r->pool, r->server, r->connection,
- r, (char *)dc->szUserName);
- if (val && val[0])
- r->user = val;
- }
/*
* Else access is granted from our point of view (except vendor