Since OpenLDAP doesn't validate the certificate until it tries to use it, at lease...
authorBradley Nicholes <bnicholes@apache.org>
Mon, 23 Aug 2004 23:25:12 +0000 (23:25 +0000)
committerBradley Nicholes <bnicholes@apache.org>
Mon, 23 Aug 2004 23:25:12 +0000 (23:25 +0000)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104776 13f79535-47bb-0310-9956-ffa450edef68

modules/ldap/util_ldap.c

index 5c62696356b2f5ab1bbd3328e95d9a2cc1ec4b4d..c40f211a674b7e70165b69fb4310144b47aca9fa 100644 (file)
@@ -1044,6 +1044,8 @@ static const char *util_ldap_set_cert_auth(cmd_parms *cmd, void *dummy, const ch
         (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config, 
                                                  &ldap_module);
     const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+    apr_finfo_t finfo;
+
     if (err != NULL) {
         return err;
     }
@@ -1054,6 +1056,15 @@ static const char *util_ldap_set_cert_auth(cmd_parms *cmd, void *dummy, const ch
 
     st->cert_auth_file = ap_server_root_relative(cmd->pool, file);
 
+    if (st->cert_auth_file && 
+        (apr_stat (&finfo, st->cert_auth_file, APR_FINFO_MIN, cmd->pool) != APR_SUCCESS))
+    {
+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, cmd->server, 
+                     "LDAP: Could not open SSL trusted certificate authority file - %s", 
+                     st->cert_auth_file == NULL ? file : st->cert_auth_file);
+        return "Invalid file path";
+    }
+
     return(NULL);
 }
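Review bot: The added guard `if (st->cert_auth_file && (apr_stat (...) != APR_SUCCESS))` skips the error path when `ap_server_root_relative()` yields NULL, so a path that cannot be resolved is accepted and the directive returns success with no trusted CA file recorded; the `st->cert_auth_file == NULL ? file : st->cert_auth_file` ternary in the log call can therefore never take its first branch. Rejecting both cases appears to be the intent: `if (!st->cert_auth_file || apr_stat(&finfo, st->cert_auth_file, APR_FINFO_MIN, cmd->pool) != APR_SUCCESS)`. The `apr_stat` result is also discarded and `0` is passed as the status argument of `ap_log_error`, so the log cannot distinguish a missing file from a permission problem; storing it in an `apr_status_t rv` and logging `rv` would make a broken trust configuration easier to diagnose. A successful stat only shows that the path exists, not that it is a readable regular file, so the "Could not open" wording overstates what is checked. The body of `util_ldap_set_cert_auth` begins outside this hunk.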