]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
auth: Fail authentication if certificate username was unexpectedly missing
authorAki Tuomi <aki.tuomi@open-xchange.com>
Wed, 16 Jan 2019 16:24:20 +0000 (18:24 +0200)
committerAki Tuomi <aki.tuomi@open-xchange.com>
Tue, 5 Feb 2019 13:54:17 +0000 (13:54 +0000)
src/auth/auth-request-handler.c

index 42f507324bf6cbcb25bf62d27d471601bd27450e..f85570e3e8351fae6f2d4534955489f7bc110e5f 100644 (file)
@@ -581,6 +581,14 @@ bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
                return TRUE;
        }
 
+        if (request->set->ssl_require_client_cert &&
+            request->set->ssl_username_from_cert &&
+            !request->cert_username) {
+                 auth_request_handler_auth_fail(handler, request,
+                        "SSL certificate didn't contain username");
+                return TRUE;
+        }
+
        /* Handle initial respose */
        if (initial_resp == NULL) {
                /* No initial response */