Mercurial > dovecot > core-2.2
changeset 23003:785c4ee0190b
auth: Fail authentication if certificate username was unexpectedly missing
author | Aki Tuomi <aki.tuomi@open-xchange.com> |
---|---|
date | Mon, 21 Jan 2019 10:54:06 +0200 |
parents | f71099c5f007 |
children | 168f4e3a2a53 |
files | src/auth/auth-request-handler.c |
diffstat | 1 files changed, 8 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/auth/auth-request-handler.c Mon Jan 21 11:36:30 2019 +0200 +++ b/src/auth/auth-request-handler.c Mon Jan 21 10:54:06 2019 +0200 @@ -560,6 +560,14 @@ return TRUE; } + if (request->set->ssl_require_client_cert && + request->set->ssl_username_from_cert && + !request->cert_username) { + auth_request_handler_auth_fail(handler, request, + "SSL certificate didn't contain username"); + return TRUE; + } + /* Empty initial response is a "=" base64 string. Completely empty string shouldn't really be sent, but at least Exim does it, so just allow it for backwards compatibility.. */