From 8de8bfb8712855ee391c3702604f2acb6ffa124e Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Mon, 28 Mar 2011 09:45:23 +0400
Subject: authenticate against a hash of identifyable information from certificate instead of only serial (refs #324)
---
 functions.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
(limited to 'functions.php')
diff --git a/functions.php b/functions.php
index 51731fa6e..c31727ca3 100644
--- a/functions.php
+++ b/functions.php
@@ -1757,9 +1757,19 @@
 return true;
 }
+ function get_ssl_certificate_id() {
+ if ($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"]) {
+ return sha1($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] .
+ $_SERVER["REDIRECT_SSL_CLIENT_V_START"] .
+ $_SERVER["REDIRECT_SSL_CLIENT_V_END"] .
+ $_SERVER["REDIRECT_SSL_CLIENT_S_DN"]);
+ }
+ return "";
+ }
+
 function get_login_by_ssl_certificate($link) {
- $cert_serial = db_escape_string($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"]);
+ $cert_serial = db_escape_string(get_ssl_certificate_id());
 if ($cert_serial) {
 $result = db_query($link, "SELECT login FROM ttrss_user_prefs, ttrss_users
-- 
cgit v1.2.3-54-g00ecf
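Review bot: get_ssl_certificate_id() hashes the serial, validity dates and subject DN but never the issuer, and nothing in the hunk checks that the web server actually verified the client certificate. Serial numbers are unique only per CA and the subject DN is chosen by the requester, so if more than one CA is trusted, or client verification is optional (the server configuration is not visible here), a different certificate could produce the same id. I would return early with `if (!isset($_SERVER["REDIRECT_SSL_CLIENT_VERIFY"]) || $_SERVER["REDIRECT_SSL_CLIENT_VERIFY"] != "SUCCESS") return "";` and add `$_SERVER["REDIRECT_SSL_CLIENT_I_DN"]` to the hashed fields, joined with a separator such as `"\n"` so that field boundaries cannot shift. Testing the serial with `!empty(...)` would also avoid an undefined-index notice on requests that carry no certificate. The body of get_login_by_ssl_certificate() continues past the hunk, so how the id is matched against the stored value is not visible; previously stored raw serials will presumably stop matching and need re-registration.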