Changeset 0dc1a31 in mod_gnutls


Ignore:
Timestamp:
Jan 15, 2020, 11:14:50 AM (10 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
master, proxy-ticket
Children:
a9e0738
Parents:
346c03b
git-author:
Fiona Klute <fiona.klute@…> (01/15/20 11:13:01)
git-committer:
Fiona Klute <fiona.klute@…> (01/15/20 11:14:50)
Message:

Always return DECLINED instead of OK from mgs_cert_verify

The return value may be returned from mgs_hook_authz in turn, and in
that case OK would prevent other modules' authz hooks from being
called. DECLINED basically means that the current module has no
objections.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • src/gnutls_hooks.c

    r346c03b r0dc1a31  
    16561656         */
    16571657        if (ctxt->sc->client_verify_mode == GNUTLS_CERT_REQUEST)
    1658             return OK;
     1658            return DECLINED;
    16591659
    16601660        /* no certificate provided by the client, but one was required. */
     
    18341834        apr_table_setn(r->subprocess_env, "SSL_CLIENT_VERIFY",
    18351835                "SUCCESS");
    1836         ret = OK;
     1836        ret = DECLINED;
    18371837    } else {
    18381838        apr_table_setn(r->subprocess_env, "SSL_CLIENT_VERIFY",
Note: See TracChangeset for help on using the changeset viewer.