httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject svn commit: r159353 - in httpd/httpd/branches/2.0.x: CHANGES STATUS modules/ssl/ssl_engine_kernel.c
Date Tue, 29 Mar 2005 08:31:21 GMT
Author: jorton
Date: Tue Mar 29 00:31:16 2005
New Revision: 159353

URL: http://svn.apache.org/viewcvs?view=rev&rev=159353
Log:
Merge r151493, r153280 from trunk:

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Move the
SSLUsername-controlled assignment of r->user earlier.

PR: 31418
Submitted by: dreid
Reviewed by: jorton, jerenkrantz, pquerna, striker

Modified:
    httpd/httpd/branches/2.0.x/CHANGES
    httpd/httpd/branches/2.0.x/STATUS
    httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_kernel.c

Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/CHANGES?view=diff&r1=159352&r2=159353
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES (original)
+++ httpd/httpd/branches/2.0.x/CHANGES Tue Mar 29 00:31:16 2005
@@ -1,5 +1,8 @@
 Changes with Apache 2.0.54
 
+  *) mod_ssl: If SSLUsername is used, set r->user earlier.  PR 31418.
+     [David Reid]
+
   *) htdigest: Fix permissions of created files.  PR 33765.  [Joe Orton]
 
   *) core_input_filter: Move buckets to a persistent brigade instead of

Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/STATUS?view=diff&r1=159352&r2=159353
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Tue Mar 29 00:31:16 2005
@@ -94,16 +94,6 @@
     identify exactly what the proposed changes are! ]
   [ please append new backports at the end of this list not the top. ]
 
-    *) mod_ssl: Set r->user from SSLUsername earlier so that it's
-       actually useful.
-       http://svn.apache.org/viewcvs.cgi?rev=153280&view=rev
-       http://svn.apache.org/viewcvs.cgi?rev=151493&view=rev
-       a.k.a. http://www.apache.org/~jorton/ap_ssluser.diff
-       PR: 31418
-       jerenkrantz comments: 151493 deletes a chunk and adds a chunk,
-          with 153280 moving that added hunk elsewhere.  My brain hurts.
-       +1: jorton, jerenkrantz, pquerna, striker
-
     *) Add a build script to create a solaris package.
        svn rev 124104
        +1: minfrin, trawick

Modified: httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_kernel.c?view=diff&r1=159352&r2=159353
==============================================================================
--- httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_kernel.c Tue Mar 29 00:31:16 2005
@@ -737,6 +737,20 @@
         }
     }
 
+    /* If we're trying to have the user name set from a client
+     * certificate then we need to set it here. This should be safe as
+     * the user name probably isn't important from an auth checking point
+     * of view as the certificate supplied acts in that capacity.
+     * However, if FakeAuth is being used then this isn't the case so
+     * we need to postpone setting the username until later.
+     */
+    if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName)
{
+        char *val = ssl_var_lookup(r->pool, r->server, r->connection,
+                                   r, (char *)dc->szUserName);
+        if (val && val[0])
+            r->user = val;
+    } 
+
     /*
      * Check SSLRequire boolean expressions
      */
@@ -1020,17 +1034,6 @@
      */
     if (!(sc->enabled && sslconn && (ssl = sslconn->ssl))) {
         return DECLINED;
-    }
-
-    /*
-     * Set r->user if requested
-     */
-    if (dc->szUserName) {
-        val = ssl_var_lookup(r->pool, r->server, r->connection, 
-                             r, (char *)dc->szUserName);
-        if (val && val[0]) {
-            r->user = val;
-        }
     }
 
     /*



Mime
View raw message