Skip to content
Snippets Groups Projects
Commit 35d7405d authored by Andrea Ceccanti's avatar Andrea Ceccanti
Browse files

Be paranoid about certs extracted from the chain

parent 03d3d92b
No related branches found
No related tags found
1 merge request!14Actual fix for issue-23
Pipeline #23538 passed
Stage: build
Stage: test
Stage: docker-build
Stage: deploy
Hide whitespace changes
Inline Side-by-side
src/ngx_http_voms_module.cpp
+ 1
1
View file @ 35d7405d
...@@ -544,7 +544,7 @@ static X509* get_ee_cert(ngx_http_request_t* r) ...@@ -544,7 +544,7 @@ static X509* get_ee_cert(ngx_http_request_t* r)
// find first non-proxy and non-ca cert // find first non-proxy and non-ca cert
for (int i = 0; i != sk_X509_num(chain); ++i) { for (int i = 0; i != sk_X509_num(chain); ++i) {
auto cert = sk_X509_value(chain, i); auto cert = sk_X509_value(chain, i);
if (is_ca(cert)) { if (cert && is_ca(cert)) {
break; break;
} }
if (cert && !is_proxy(cert)) { if (cert && !is_proxy(cert)) {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment