
[TLS] set SSL_CLIENT_M_SERIAL w/ client cert SN (fixes #2268)

x-ref:
  "Set serial number of the client certificate into environment"
  https://redmine.lighttpd.net/issues/2268
personal/stbuehler/mod-csrf
Glenn Strauss 5 years ago
parent
commit
daab6f5cd5
  1. 11
      src/response.c

11
src/response.c

@ -129,6 +129,7 @@ int http_response_write_header(server *srv, connection *con) {
}
#ifdef USE_OPENSSL
#include <openssl/bn.h>
static void https_add_ssl_entries(server *srv, connection *con) {
X509 *xs;
X509_NAME *xn;
@ -163,6 +164,16 @@ static void https_add_ssl_entries(server *srv, connection *con) {
}
}
{
ASN1_INTEGER *xsn = X509_get_serialNumber(xs);
BIGNUM serialBN;
char *serialHex = BN_bn2hex(ASN1_INTEGER_to_BN(xsn, &serialBN));
array_set_key_value(con->environment,
CONST_STR_LEN("SSL_CLIENT_M_SERIAL"),
serialHex, strlen(serialHex));
OPENSSL_free(serialHex);
}
if (!buffer_string_is_empty(con->conf.ssl_verifyclient_username)) {
/* pick one of the exported values as "REMOTE_USER", for example
* ssl.verifyclient.username = "SSL_CLIENT_S_DN_UID" or "SSL_CLIENT_S_DN_emailAddress"
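Review bot: In the new `SSL_CLIENT_M_SERIAL` block, `BIGNUM serialBN;` is a stack object that is never initialised before `ASN1_INTEGER_to_BN(xsn, &serialBN)` writes into it, and it is never released afterwards. The conversion therefore works on indeterminate struct fields, and whatever it allocates internally is leaked on each request. Neither `ASN1_INTEGER_to_BN()` nor `BN_bn2hex()` is checked for NULL, so an allocation or conversion failure reaches `strlen(serialHex)` with a NULL pointer. Because the serial number comes from the peer's certificate, this path handles remote input and should fail closed: pass NULL as the second argument so OpenSSL allocates the BIGNUM, export the variable only when both calls succeed, and call `BN_free()` at the end. The enclosing function `https_add_ssl_entries` starts and ends outside the visible hunk.

```c
ASN1_INTEGER *xsn = X509_get_serialNumber(xs);
/* let OpenSSL allocate the BIGNUM; NULL on conversion failure */
BIGNUM *serialBN = ASN1_INTEGER_to_BN(xsn, NULL);
char *serialHex = serialBN ? BN_bn2hex(serialBN) : NULL;
if (serialHex) {
	/* … unchanged: array_set_key_value(con->environment, "SSL_CLIENT_M_SERIAL", serialHex) … */
	OPENSSL_free(serialHex);
}
BN_free(serialBN); /* no-op when serialBN is NULL */
```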
