From bb4acb246def86382649640186ecbbbc76c32970 Mon Sep 17 00:00:00 2001 From: Michael Osipov Date: Thu, 14 May 2026 21:32:20 +0200 Subject: [PATCH] mod_ssl: Set auth type to "ClientCert" after authentication When client certificate authentication has been performed r->ap_auth_type was never populated and env AUTH_TYPE was empty. We now set auth type to "ClientCert". PR: 45058 GitHub: closes #645 --- changes-entries/ssl-authtype.txt | 2 ++ modules/ssl/ssl_engine_kernel.c | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 changes-entries/ssl-authtype.txt diff --git a/changes-entries/ssl-authtype.txt b/changes-entries/ssl-authtype.txt new file mode 100644 index 00000000000..c7c8da0aed7 --- /dev/null +++ b/changes-entries/ssl-authtype.txt @@ -0,0 +1,2 @@ +*) mod_ssl: Set auth type to "ClientCert" when client certificate authentication + has been performed. [Michael Osipov ] diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index cb88f0112c6..9ee25ec52ca 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -1130,8 +1130,10 @@ int ssl_hook_Access(request_rec *r) if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) { const char *val = ssl_var_lookup(r->pool, r->server, r->connection, r, dc->szUserName); - if (val && val[0]) + if (val && val[0]) { r->user = apr_pstrdup(r->pool, val); + r->ap_auth_type = "ClientCert"; + } else ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02227) "Failed to set r->user to '%s'", dc->szUserName);