From b3b5fff0dc48574d71db12cdfd538c9fd11a55e3 Mon Sep 17 00:00:00 2001
From: Jamie Cameron
Date: Fri, 28 Jul 2023 18:33:48 -0700
Subject: [PATCH] If trusting the remote IP, also trust the proxied SSL client cert https://github.com/webmin/webmin/issues/1962
---
 miniserv.pl | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/miniserv.pl b/miniserv.pl
index 729e0635d..6e1b0ed77 100755
--- a/miniserv.pl
+++ b/miniserv.pl
@@ -1693,6 +1693,10 @@ if ($use_ssl && $verified_client) {
 Net::SSLeay::get_peer_certificate(
 $ssl_con)));
 $u = &find_user_by_cert($peername);
+ if ($config{'trust_real_ip'} && !$u && $header{'x-ssl-client-dn'}) {
+ # Use proxied client cert
+ $u = &find_user_by_cert($header{'x-ssl-client-dn'});
+ }
 if ($u) {
 $authuser = $u;
 $validated = 2;
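Review bot: The added fallback authenticates from the request header `x-ssl-client-dn` and reaches `$validated = 2`, yet the only gate visible in this hunk is `$config{'trust_real_ip'}`, which is a configuration flag rather than a check that the request actually arrived from the proxy. Unless the front-end always overwrites that header and miniserv accepts connections only from it, the DN is a client-supplied string being treated as a verified certificate identity. I would gate the branch on the socket peer being a configured proxy address (hypothetical helper, not on this page: `&is_trusted_proxy(<peer address>)`) and expand the comment to `# Proxy-asserted DN: the proxy must strip any client-sent X-SSL-Client-DN`. Logging each login granted through this path would also make it auditable. The enclosing `if ($use_ssl && $verified_client)` block starts and ends outside the hunk.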