Skip to content
Snippets Groups Projects

Do not return CA certificates as the EEC

Merged Do not return CA certificates as the EEC
issue-23 into master
Merged Andrea Ceccanti requested to merge issue-23 into master
Compare
and
Show latest version
1 file
+ 2
2
Compare changes
  • Side-by-side
  • Inline
src/ngx_http_voms_module.cpp
+ 2
2
@@ -541,10 +541,10 @@ static X509* get_ee_cert(ngx_http_request_t* r)
if (sk_X509_num(chain) == 0) {
ee_cert = SSL_get_peer_certificate(r->connection->ssl->connection);
} else {
// find first non-proxy (and non-ca)
// find first non-proxy and non-ca cert
for (int i = 0; i != sk_X509_num(chain); ++i) {
auto cert = sk_X509_value(chain, i);
if (cert && !is_proxy(cert) !is_ca(cert)) {
if (cert && !is_proxy(cert) && !is_ca(cert)) {
ee_cert = cert;
break;
}