diff options
| author | Jeffrey J McCune <jeff@northstarlabs.net> | 2007-11-24 11:27:15 -0500 |
|---|---|---|
| committer | Jeffrey J McCune <jeff@northstarlabs.net> | 2007-11-24 11:27:15 -0500 |
| commit | a88891a5573785867667f6de0cdc539873455226 (patch) | |
| tree | f955d92b69bae1cd299dd5669c521ea3dc59b3dc /lib | |
| parent | e53693e3ff244f8e782b5dc863aa659d46f9a286 (diff) | |
| download | puppet-a88891a5573785867667f6de0cdc539873455226.tar.gz puppet-a88891a5573785867667f6de0cdc539873455226.tar.xz puppet-a88891a5573785867667f6de0cdc539873455226.zip | |
Fixed #906 - Augmented Cert DN regexp check to work with Pound and Apache.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/puppet/network/http_server/mongrel.rb | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/puppet/network/http_server/mongrel.rb b/lib/puppet/network/http_server/mongrel.rb index ce2196eca..d6e21b189 100644 --- a/lib/puppet/network/http_server/mongrel.rb +++ b/lib/puppet/network/http_server/mongrel.rb @@ -120,8 +120,11 @@ module Puppet::Network def client_info(request) params = request.params ip = params["REMOTE_ADDR"] - if dn = params[Puppet[:ssl_client_header]] and dn.include?("/CN=") - client = dn.sub("/CN=", '') + # JJM #906 The following dn.match regular expression is forgiving + # enough to match the two Distinguished Name string contents + # coming from Apache, Pound or other reverse SSL proxies. + if dn = params[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/) + client = dn_matchdata[1].to_str valid = (params[Puppet[:ssl_client_verify_header]] == 'SUCCESS') else client = Resolv.getname(ip) |