author | Rob Crittenden <rcritten@redhat.com> | 2011-06-14 22:13:08 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-06-14 22:13:08 -0400 |
commit | a6c3370491ae1d3bc552e8de9353c82f73e510e3 (patch) | |
tree | 9328f22e7d9a5401f8dc8e123307b36cbfd5c610 /nss_engine_io.c | |
parent | f656ffc036af239a4236f1c1fc97e32a809d470d (diff) | |
Always copy in client certificate and fix FakeBasicAuth
When NSSOptions +FakeBasicAuth is set for a directory, and a certificate
is not provided with which the BasicAuth can be Faked, and the client
provides an Authorization header, the FakeBasicAuth code in mod_nss may
not properly reject an attempt to spoof.
BZ 702437
Diffstat (limited to 'nss_engine_io.c')
-rw-r--r-- | nss_engine_io.c | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/nss_engine_io.c b/nss_engine_io.c index c9697ec..2f9559f 100644 --- a/nss_engine_io.c +++ b/nss_engine_io.c @@ -1365,13 +1365,9 @@ nss_AuthCertificate(void *arg, PRFileDesc *socket, status = SSL_AuthCertificate(arg, socket, checksig, isServer); - if (status == SECSuccess) { - conn_rec *c = filter_ctx->c; - SSLConnRec *sslconn = myConnConfig(c); - - sslconn->client_cert = SSL_PeerCertificate(socket); - sslconn->client_dn = NULL; - } + /* The certificate is copied to sslconn->client_cert in + * nss_hook_ReadReq() + */ return status; } |
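Review bot: The replacement comment in nss_AuthCertificate() names only sslconn->client_cert, but the removed block also reset sslconn->client_dn to NULL after each successful SSL_AuthCertificate() call, and nothing visible in this file now clears that cached DN. Because the diffstat shown here is limited to nss_engine_io.c, the nss_hook_ReadReq() side cannot be checked from this page. Please confirm that it re-reads the peer certificate on every request, clears client_dn together with client_cert, and treats a NULL return from SSL_PeerCertificate() as "no certificate presented" before the FakeBasicAuth check runs. Extending the comment to mention both fields (for example "client_cert and client_dn are set in nss_hook_ReadReq()") would make the dependency explicit for the next reader of this callback.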