mod_ssl: Set auth type to \"ClientCert\" after authentication

When client certificate authentication has been performed r->ap_auth_type was
never populated and env AUTH_TYPE was empty.
We now set auth type to \"ClientCert\".

PR: 45058
Submitted by: Michael Osipov <michaelo@apache.org>
Github: closes #645

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1934210 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/changes-entries/ssl-authtype.txt b/changes-entries/ssl-authtype.txt
new file mode 100644 (file)
index 0000000..c7c8da0
--- /dev/null
+++ b/changes-entries/ssl-authtype.txt
@@ -0,0 +1,2 @@
+*) mod_ssl: Set auth type to "ClientCert" when client certificate authentication
+   has been performed.  [Michael Osipov <michaelo apache.org>]

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index cb88f0112c6fbe4c653f2fb8d03628c423bb6a41..9ee25ec52ca068521aed90e245f68fbc9f6635d9 100644 (file)
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -1130,8 +1130,10 @@ int ssl_hook_Access(request_rec *r)
     if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) {
         const char *val = ssl_var_lookup(r->pool, r->server, r->connection,
                                          r, dc->szUserName);
-        if (val && val[0])
+        if (val && val[0]) {
             r->user = apr_pstrdup(r->pool, val);
+            r->ap_auth_type = "ClientCert";
+        }
         else
             ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02227)
                           "Failed to set r->user to '%s'", dc->szUserName);