[TLS] set SSL_CLIENT_M_SERIAL w/ client cert SN (fixes #2268)

x-ref:
  "Set serial number of the client certificate into environment"
  https://redmine.lighttpd.net/issues/2268
Glenn Strauss 2016-10-11 01:05:01 -04:00
parent d3ac5667a5
commit daab6f5cd5
1 changed files with 11 additions and 0 deletions


@ -129,6 +129,7 @@ int http_response_write_header(server *srv, connection *con) {
}
#ifdef USE_OPENSSL
#include <openssl/bn.h>
static void https_add_ssl_entries(server *srv, connection *con) {
X509 *xs;
X509_NAME *xn;
@ -163,6 +164,16 @@ static void https_add_ssl_entries(server *srv, connection *con) {
}
}
{
ASN1_INTEGER *xsn = X509_get_serialNumber(xs);
BIGNUM serialBN;
char *serialHex = BN_bn2hex(ASN1_INTEGER_to_BN(xsn, &serialBN));
array_set_key_value(con->environment,
CONST_STR_LEN("SSL_CLIENT_M_SERIAL"),
serialHex, strlen(serialHex));
OPENSSL_free(serialHex);
}
if (!buffer_string_is_empty(con->conf.ssl_verifyclient_username)) {
/* pick one of the exported values as "REMOTE_USER", for example
* ssl.verifyclient.username = "SSL_CLIENT_S_DN_UID" or "SSL_CLIENT_S_DN_emailAddress"
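Review bot: In the added block, `BIGNUM serialBN;` is an uninitialized stack object handed to `ASN1_INTEGER_to_BN` as its output argument, so the BN routines appear to read its fields (size, flags, data pointer) before anything has set them. The declaration also depends on `BIGNUM` being a complete type, which is not the case in OpenSSL 1.1.0 and later. Neither `ASN1_INTEGER_to_BN` nor `BN_bn2hex` is checked for NULL, so a conversion or allocation failure while handling a client-supplied certificate reaches `strlen(serialHex)`. I would pass NULL so the library allocates the BIGNUM, set the variable only when both conversions succeed, and release the BIGNUM with `BN_free`, as sketched below. The body of https_add_ssl_entries starts and continues outside this hunk.

```c
{
	/* let OpenSSL allocate the BIGNUM instead of using an uninitialized stack object */
	BIGNUM *serialBN = ASN1_INTEGER_to_BN(X509_get_serialNumber(xs), NULL);
	char *serialHex = (NULL != serialBN) ? BN_bn2hex(serialBN) : NULL;
	if (NULL != serialHex) {
		array_set_key_value(con->environment,
				    CONST_STR_LEN("SSL_CLIENT_M_SERIAL"),
				    serialHex, strlen(serialHex));
		OPENSSL_free(serialHex);
	}
	BN_free(serialBN); /* accepts NULL */
}
/* … unchanged: ssl.verifyclient.username handling … */
```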