`id` INT NOT NULL AUTO_INCREMENT ,
`uId` INT NOT NULL ,
`sslSerial` VARCHAR( 32 ) NOT NULL ,
+ `sslClientIssuerDn` VARCHAR( 1024 ) NOT NULL ,
`sslName` VARCHAR( 64 ) NOT NULL ,
`sslEmail` VARCHAR( 64 ) NOT NULL ,
PRIMARY KEY ( `id` ) ,
`id` INT NOT NULL AUTO_INCREMENT ,
`uId` INT NOT NULL ,
`sslSerial` VARCHAR( 32 ) NOT NULL ,
+ `sslClientIssuerDn` VARCHAR( 1024 ) NOT NULL ,
`sslName` VARCHAR( 64 ) NOT NULL ,
`sslEmail` VARCHAR( 64 ) NOT NULL ,
PRIMARY KEY ( `id` ) ,
{
if (!isset($_SERVER['SSL_CLIENT_M_SERIAL'])
|| !isset($_SERVER['SSL_CLIENT_V_END'])
+ || !isset($_SERVER['SSL_CLIENT_VERIFY'])
+ || $_SERVER['SSL_CLIENT_VERIFY'] !== 'SUCCESS'
+ || !isset($_SERVER['SSL_CLIENT_I_DN'])
) {
return false;
}
- //TODO: verify this var is always there
+
if ($_SERVER['SSL_CLIENT_V_REMAIN'] <= 0) {
return false;
}
- $serial = $_SERVER['SSL_CLIENT_M_SERIAL'];
+ $serial = $_SERVER['SSL_CLIENT_M_SERIAL'];
+ $clientIssuerDn = $_SERVER['SSL_CLIENT_I_DN'];
+
$query = 'SELECT uId'
. ' FROM ' . $this->getTableName() . '_sslclientcerts'
- . ' WHERE sslSerial = \'' . $this->db->sql_escape($serial) . '\'';
+ . ' WHERE sslSerial = \'' . $this->db->sql_escape($serial) . '\''
+ . ' AND sslClientIssuerDn = \''
+ . $this->db->sql_escape($clientIssuerDn)
+ . '\'';
if (!($dbresult = $this->db->sql_query($query))) {
message_die(
GENERAL_ERROR, 'Could not load user for client certificate',
projects / semanticscuttle.git / commitdiff