Tree - rpms/dovecot - CentOS Git server

Blob History Raw

		70765b	`From 7525fece60f01b52deb13df3620976ee1d616837 Mon Sep 17 00:00:00 2001`
		70765b	`From: Aki Tuomi <aki.tuomi@open-xchange.com>`
		70765b	`Date: Mon, 21 Jan 2019 10:54:06 +0200`
		70765b	`Subject: [PATCH] auth: Fail authentication if certificate username was`
		70765b	`unexpectedly missing`
		70765b
		70765b	`---`
		70765b	`src/auth/auth-request-handler.c \| 8 ++++++++`
		70765b	`1 file changed, 8 insertions(+)`
		70765b
		70765b	`diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c`
		70765b	`index 617dc1883d..3044e94f91 100644`
		70765b	`--- a/src/auth/auth-request-handler.c`
		70765b	`+++ b/src/auth/auth-request-handler.c`
		70765b	`@@ -560,6 +560,14 @@ bool auth_request_handler_auth_begin(struct auth_request_handler *handler,`
		70765b	`return TRUE;`
		70765b	`}`
		70765b
		70765b	`+ if (request->set->ssl_require_client_cert &&`
		70765b	`+ request->set->ssl_username_from_cert &&`
		70765b	`+ !request->cert_username) {`
		70765b	`+ auth_request_handler_auth_fail(handler, request,`
		70765b	`+ "SSL certificate didn't contain username");`
		70765b	`+ return TRUE;`
		70765b	`+ }`
		70765b	`+`
		70765b	`/* Empty initial response is a "=" base64 string. Completely empty`
		70765b	`string shouldn't really be sent, but at least Exim does it,`
		70765b	`so just allow it for backwards compatibility.. */`