authenticate against a hash of identifyable information from certificate instead of only serial (refs #324)

author: Andrew Dolgov <[email protected]> 2011-03-28 09:45:23 +0400
committer: Andrew Dolgov <[email protected]> 2011-03-28 09:45:23 +0400
commit: 8de8bfb8712855ee391c3702604f2acb6ffa124e (patch)
tree: 9fdca34f3a5c680feb5a7ce6b416142c98bf129d /functions.php
parent: 3d72afa19a7e8e7f7691086dedba7c5f9631f42f (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/functions.php b/functions.php
index 51731fa6e..c31727ca3 100644
--- a/functions.php
+++ b/functions.php
@@ -1757,9 +1757,19 @@
 		return true;
 	}
 
+	function get_ssl_certificate_id() {
+		if ($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"]) {
+			return sha1($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] .
+				$_SERVER["REDIRECT_SSL_CLIENT_V_START"] .
+				$_SERVER["REDIRECT_SSL_CLIENT_V_END"] .
+				$_SERVER["REDIRECT_SSL_CLIENT_S_DN"]);
+		}
+		return "";
+	}
+
 	function get_login_by_ssl_certificate($link) {
 
-		$cert_serial = db_escape_string($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"]);
+		$cert_serial = db_escape_string(get_ssl_certificate_id());
 
 		if ($cert_serial) {
 			$result = db_query($link, "SELECT login FROM ttrss_user_prefs, ttrss_users
author	Andrew Dolgov <[email protected]>	2011-03-28 09:45:23 +0400
committer	Andrew Dolgov <[email protected]>	2011-03-28 09:45:23 +0400
commit	8de8bfb8712855ee391c3702604f2acb6ffa124e (patch)
tree	9fdca34f3a5c680feb5a7ce6b416142c98bf129d /functions.php
parent	3d72afa19a7e8e7f7691086dedba7c5f9631f42f (diff)