Commit dba63701 authored by Doug MacEachern's avatar Doug MacEachern
Browse files

prevent double lookup of ssl::verify::error 


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90597 13f79535-47bb-0310-9956-ffa450edef68
parent 501d2c5c

modules/ssl/mod_ssl.c

+5 −4
Original line number Diff line number Diff line
@@ -342,7 +342,7 @@ int ssl_hook_process_connection(SSLFilterRec *pRec) 
{

    int n, err;

    X509 *xs;

    char *cp;

    char *cp = NULL;

    conn_rec *c = (conn_rec*)SSL_get_app_data (pRec->pssl);

    SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
@@ -445,9 +445,10 @@ int ssl_hook_process_connection(SSLFilterRec *pRec) 
        /*

         * Check for failed client authentication

         */

        if (   SSL_get_verify_result(pRec->pssl) != X509_V_OK

            || apr_table_get (c->notes, "ssl::verify::error") != NULL) {

            cp = (char *)apr_table_get(c->notes, "ssl::verify::error");

        if (SSL_get_verify_result(pRec->pssl) != X509_V_OK ||

            ((cp = (char *)apr_table_get(c->notes,

                                         "ssl::verify::error")) != NULL))

        {

            ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,

                    "SSL client authentication failed: %s",

                    cp != NULL ? cp : "unknown reason");