author | Andrew Dolgov <[email protected]> | 2011-03-28 09:45:23 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2011-03-28 09:45:23 +0400 |
commit | 8de8bfb8712855ee391c3702604f2acb6ffa124e (patch) | |
tree | 9fdca34f3a5c680feb5a7ce6b416142c98bf129d /functions.php | |
parent | 3d72afa19a7e8e7f7691086dedba7c5f9631f42f (diff) |
authenticate against a hash of identifyable information from certificate instead of only serial (refs #324)
Diffstat (limited to 'functions.php')
-rw-r--r-- | functions.php | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/functions.php b/functions.php index 51731fa6e..c31727ca3 100644 --- a/functions.php +++ b/functions.php @@ -1757,9 +1757,19 @@ return true; } + function get_ssl_certificate_id() { + if ($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"]) { + return sha1($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] . + $_SERVER["REDIRECT_SSL_CLIENT_V_START"] . + $_SERVER["REDIRECT_SSL_CLIENT_V_END"] . + $_SERVER["REDIRECT_SSL_CLIENT_S_DN"]); + } + return ""; + } + function get_login_by_ssl_certificate($link) { - $cert_serial = db_escape_string($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"]); + $cert_serial = db_escape_string(get_ssl_certificate_id()); if ($cert_serial) { $result = db_query($link, "SELECT login FROM ttrss_user_prefs, ttrss_users |
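Review bot: The hash in `get_ssl_certificate_id()` joins the serial, validity dates and subject DN with no separator and leaves out the issuer, so the ID has ambiguous field boundaries and is not bound to the CA that issued the certificate. All four values are read from the certificate itself, so they are only trustworthy if the web server has verified the chain. Nothing in the hunk checks that (mod_ssl reports it in `SSL_CLIENT_VERIFY`), so this presumably relies on server configuration, which is worth stating in a comment. The `if ($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"])` test also reads an index that is unset on requests without a client certificate; `empty()` avoids the notice. The sketch below adds the issuer DN and a separator and requires every field to be present; it changes the stored ID value, as this commit already does, and the body of `get_login_by_ssl_certificate` continues outside the hunk.

```php
function get_ssl_certificate_id() {
	$fields = array("M_SERIAL", "V_START", "V_END", "S_DN", "I_DN");
	$parts = array();

	foreach ($fields as $field) {
		$key = "REDIRECT_SSL_CLIENT_" . $field;
		// a missing field means there is no usable client certificate
		if (empty($_SERVER[$key])) return "";
		$parts[] = $_SERVER[$key];
	}

	// the separator keeps adjacent fields from running into each other
	return sha1(implode("\n", $parts));
}
```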