Don't trust proxy-provided SSL cert if it's flagged as not verified

2026-04-07 01:30:26 +01:00 · 2026-04-01 18:17:02 -07:00
parent 7c5d4087fc
commit 3dbeb4e4db
1 changed files with 2 additions and 1 deletions
--- a/miniserv.pl
+++ b/miniserv.pl
@@ -1721,7 +1721,8 @@ if ($header{'user-agent'} =~ /webmin/i ||
 # Check for SSL authentication
 my $trust_ssl = $config{'trust_real_ip'} && !$config{'no_trust_ssl'};
 if ($use_ssl && $verified_client ||
-    $trust_ssl && $header{'x-ssl-client-dn'}) {
+    $trust_ssl && $header{'x-ssl-client-dn'} &&
+                  $header{'x-ssl-client-verifiy'} !~ /^(failed|none)/i) {
 	if ($use_ssl && $verified_client) {
 		$peername = Net::SSLeay::X509_NAME_oneline(
 				Net::SSLeay::X509_get_subject_name(