Changeset 4f2c988 in mod_gnutls for src/gnutls_hooks.c


Ignore:
Timestamp:
Jan 24, 2020, 3:53:19 PM (20 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
asyncio, master, proxy-ticket
Children:
44188aa
Parents:
4fe52e6
Message:

Send 403 if required client post-handshake authentication fails

This is the (presumed) expected behavior if the initial handshake was
allowed and part of the server is accessible to the client.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • src/gnutls_hooks.c

    r4fe52e6 r4f2c988  
    14991499        }
    15001500
     1501        /* The request mode sent to the client is always "request"
     1502         * because if reauth with "require" fails GnuTLS invalidates
     1503         * the session, so we couldn't send 403 to the client. */
    15011504        gnutls_certificate_server_set_request(ctxt->session,
    1502                                               client_verify_mode);
     1505                                              GNUTLS_CERT_REQUEST);
    15031506        int rv = mgs_reauth(ctxt, r);
    15041507        if (rv != GNUTLS_E_SUCCESS) {
Note: See TracChangeset for help on using the changeset viewer.