From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Wed, 16 Jan 2019 16:24:20 +0000 (+0200)
Subject: auth: Fail authentication if certificate username was unexpectedly missing
X-Git-Tag: 2.3.4.1~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ff6de090563684dc05128198fd6a69b0594a4165;p=thirdparty%2Fdovecot%2Fcore.git

auth: Fail authentication if certificate username was unexpectedly missing
---

diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c
index ae7b458c9c..318f150316 100644
--- a/src/auth/auth-request-handler.c
+++ b/src/auth/auth-request-handler.c
@@ -581,6 +581,14 @@ bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
 		return TRUE;
 	}
 
+	 if (request->set->ssl_require_client_cert &&
+	     request->set->ssl_username_from_cert &&
+	     !request->cert_username) {
+		  auth_request_handler_auth_fail(handler, request,
+			 "SSL certificate didn't contain username");
+		 return TRUE;
+	 }
+
 	/* Handle initial respose */
 	if (initial_resp == NULL) {
 		/* No initial response */