From: Bradley Nicholes <bnicholes@apache.org>
Date: Mon, 23 Aug 2004 23:25:12 +0000 (+0000)
Subject: Since OpenLDAP doesn't validate the certificate until it tries to use it, at lease... 
X-Git-Tag: STRIKER_2_1_0_RC1~55
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=85b153052e8ebea9633907515e86914200aeb21a;p=thirdparty%2Fapache%2Fhttpd.git

Since OpenLDAP doesn't validate the certificate until it tries to use it, at lease make sure that the file path is good during configuration.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104776 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ldap/util_ldap.c b/modules/ldap/util_ldap.c
index 5c62696356b..c40f211a674 100644
--- a/modules/ldap/util_ldap.c
+++ b/modules/ldap/util_ldap.c
@@ -1044,6 +1044,8 @@ static const char *util_ldap_set_cert_auth(cmd_parms *cmd, void *dummy, const ch
         (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config, 
 						  &ldap_module);
     const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+    apr_finfo_t finfo;
+
     if (err != NULL) {
         return err;
     }
@@ -1054,6 +1056,15 @@ static const char *util_ldap_set_cert_auth(cmd_parms *cmd, void *dummy, const ch
 
     st->cert_auth_file = ap_server_root_relative(cmd->pool, file);
 
+    if (st->cert_auth_file && 
+        (apr_stat (&finfo, st->cert_auth_file, APR_FINFO_MIN, cmd->pool) != APR_SUCCESS))
+    {
+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, cmd->server, 
+                     "LDAP: Could not open SSL trusted certificate authority file - %s", 
+                     st->cert_auth_file == NULL ? file : st->cert_auth_file);
+        return "Invalid file path";
+    }
+
     return(NULL);
 }