[rs-commit] r36 - in /mod_ca/trunk: ChangeLog mod_ca_ldap.c

rs-commit at redwax.eu rs-commit at redwax.eu
Sun Apr 7 23:04:48 CEST 2019 

Author: minfrin at redwax.eu
Date: Sun Apr  7 23:04:47 2019
New Revision: 36

Log:
Allow the challengePassword to be a UTF8 string.

Modified:
    mod_ca/trunk/ChangeLog
    mod_ca/trunk/mod_ca_ldap.c

Modified: mod_ca/trunk/ChangeLog
==============================================================================
--- mod_ca/trunk/ChangeLog	(original)
+++ mod_ca/trunk/ChangeLog	Sun Apr  7 23:04:47 2019
@@ -1,5 +1,7 @@
 
 Changes with v0.2.0
+
+ *) Allow the challengePassword to be a UTF8 string. [Graham Leggett]
 
  *) Distinguish between a certificate not found error and an LDAP error
     so we don't print "Success" next to a failure. [Graham Leggett]

Modified: mod_ca/trunk/mod_ca_ldap.c
==============================================================================
--- mod_ca/trunk/mod_ca_ldap.c	(original)
+++ mod_ca/trunk/mod_ca_ldap.c	Sun Apr  7 23:04:47 2019
@@ -380,20 +380,23 @@
 
         return HTTP_FORBIDDEN;
     }
-    str = X509_ATTRIBUTE_get0_data(challenge, 0, V_ASN1_IA5STRING, NULL);
-    if (!str) {
-        str = X509_ATTRIBUTE_get0_data(challenge, 0, V_ASN1_PRINTABLESTRING,
-                NULL);
-        if (!str) {
-            ASN1_TYPE *asn1 = X509_ATTRIBUTE_get0_type(challenge, 0);
-            log_message(r, APR_SUCCESS,
-                    apr_psprintf(r->pool,
-                            "challenge included in certificate request was not V_ASN1_IA5STRING or V_ASN1_PRINTABLESTRING (%d instead)",
-                            asn1->type));
-
-            return HTTP_FORBIDDEN;
-        }
-    }
+	str = X509_ATTRIBUTE_get0_data(challenge, 0, V_ASN1_UTF8STRING, NULL);
+	if (!str) {
+		str = X509_ATTRIBUTE_get0_data(challenge, 0, V_ASN1_IA5STRING, NULL);
+		if (!str) {
+			str = X509_ATTRIBUTE_get0_data(challenge, 0, V_ASN1_PRINTABLESTRING,
+					NULL);
+			if (!str) {
+				ASN1_TYPE *asn1 = X509_ATTRIBUTE_get0_type(challenge, 0);
+				log_message(r, APR_SUCCESS,
+						apr_psprintf(r->pool,
+								"challenge included in certificate request was not V_ASN1_UTF8STRING, V_ASN1_IA5STRING, or V_ASN1_PRINTABLESTRING (%d instead)",
+								asn1->type));
+
+				return HTTP_FORBIDDEN;
+			}
+		}
+	}
     len = ASN1_STRING_to_UTF8(&buf, str);
     userPassword = apr_pstrndup(r->pool, (const char *) buf, len);
     if (!userPassword || !*userPassword) {

More information about the rs-commit mailing list