View | Details | Raw Unified | Return to bug 55786
Collapse All | Expand All

(-)modules/ssl/ssl_engine_kernel.c (-8 / +7 lines)
Lines 886-892 int ssl_hook_Access(request_rec *r) Link Here
886
886
887
            cert = SSL_get_peer_certificate(ssl);
887
            cert = SSL_get_peer_certificate(ssl);
888
888
889
            if (!cert_stack && cert) {
889
            if (!cert_stack || (sk_X509_num(cert_stack) == 0)) {
890
                if (!cert) {
891
                    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02222)
892
                                  "Cannot find peer certificate chain");
893
                    return HTTP_FORBIDDEN;
894
                }
895
890
                /* client cert is in the session cache, but there is
896
                /* client cert is in the session cache, but there is
891
                 * no chain, since ssl3_get_client_certificate()
897
                 * no chain, since ssl3_get_client_certificate()
892
                 * sk_X509_shift-ed the peer cert out of the chain.
898
                 * sk_X509_shift-ed the peer cert out of the chain.
Lines 896-908 int ssl_hook_Access(request_rec *r) Link Here
896
                sk_X509_push(cert_stack, cert);
902
                sk_X509_push(cert_stack, cert);
897
            }
903
            }
898
904
899
            if (!cert_stack || (sk_X509_num(cert_stack) == 0)) {
900
                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02222)
901
                              "Cannot find peer certificate chain");
902
903
                return HTTP_FORBIDDEN;
904
            }
905
906
            if (!(cert_store ||
905
            if (!(cert_store ||
907
                  (cert_store = SSL_CTX_get_cert_store(ctx))))
906
                  (cert_store = SSL_CTX_get_cert_store(ctx))))
908
            {
907
            {

Return to bug 55786