[cas-dev] mod_auth_cas wildcard certificate patch
Earl Fogel
earl.fogel at usask.ca
Wed Sep 26 13:24:41 EDT 2007
Hello,
Our CAS server has a wildcard certificate (the name in the
certificate is *.usask.ca). mod_auth_cas doesn't understand
wildcard certificates, so certificate validation always fails.
I've attached a patch for mod_auth_cas 1.0.1 to fix this,
please consider including this in a future release.
Thanks,
Earl
--
Earl Fogel
Information Technology Services phone: (306) 966-4861
University of Saskatchewan email: earl.fogel at usask.ca
-------------- next part --------------
$ diff -u mod_auth_cas.c.orig mod_auth_cas.c
--- mod_auth_cas.c.orig 2007-09-24 05:38:58.000000000 -0600
+++ mod_auth_cas.c 2007-09-26 10:30:44.000000000 -0600
@@ -1015,8 +1015,13 @@
if(strlen(cn) >= sizeof(buf) - 1)
return FALSE;
- if(apr_strnatcmp(buf, cn) == 0)
- return TRUE;
+ if (buf[0] == '*') { /* wildcard certificate? */
+ char *domain = strchr(cn,'.');
+ return(!apr_strnatcmp(buf+1,domain));
+ } else {
+ if(apr_strnatcmp(buf, cn) == 0)
+ return TRUE;
+ }
return FALSE;
}
More information about the cas-dev
mailing list