If trusting the remote IP, also trust the proxied SSL client cert https://github.com/webmin/webmin/issues/1962

2026-03-20 16:50:24 +00:00 · 2023-07-28 18:33:48 -07:00
parent 51e1c7bef3
commit b3b5fff0dc
1 changed files with 4 additions and 0 deletions
--- a/miniserv.pl
+++ b/miniserv.pl
@@ -1693,6 +1693,10 @@ if ($use_ssl && $verified_client) {
 				Net::SSLeay::get_peer_certificate(
 					$ssl_con)));
 	$u = &find_user_by_cert($peername);
+	if ($config{'trust_real_ip'} && !$u && $header{'x-ssl-client-dn'}) {
+		# Use proxied client cert
+		$u = &find_user_by_cert($header{'x-ssl-client-dn'});
+		}
 	if ($u) {
 		$authuser = $u;
 		$validated = 2;