bug 841: not only check for serial number but for serial number and issuer

in combination when checking login Fix provided by Uli60 Signed-off-by: Michael Tänzer <neo@nhng.de>
author: Michael Tänzer <neo@nhng.de> 2011-07-06 01:01:24 +0200
committer: Michael Tänzer <neo@nhng.de> 2011-07-06 01:01:24 +0200
commit: b5ee07271aea9e0722a7ed58e52f80b495d190d0 (patch)
tree: b7cc38642b6a1a0c29f097c1597083ce266aabd6 /www
parent: 00675c949494888ac5f3cd802de41bf6f2caf45b (diff)
download: cacert-devel-b5ee07271aea9e0722a7ed58e52f80b495d190d0.tar.gz
cacert-devel-b5ee07271aea9e0722a7ed58e52f80b495d190d0.tar.xz
cacert-devel-b5ee07271aea9e0722a7ed58e52f80b495d190d0.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/www/index.php b/www/index.php
index fb215c6..ddfa610 100644
--- a/www/index.php
+++ b/www/index.php
@@ -148,7 +148,12 @@
 
 	if($id == 4 && $_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])
 	{
-		$query = "select * from `emailcerts` where `serial`='$_SERVER[SSL_CLIENT_M_SERIAL]' and `revoked`=0 and disablelogin=0 and
+		include_once("../includes/lib/general.php");
+		/* identify unique certs serial number related to root or subroot */
+		$query = "select * from `emailcerts` where
+				`serial`='".$_SERVER['SSL_CLIENT_M_SERIAL']."' and
+				`rootcert`='".rootcertid($_SERVER['SSL_CLIENT_I_DN_CN'])."' and
+				`revoked`=0 and disablelogin=0 and
 				UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
 		$res = mysql_query($query);
 		if(mysql_num_rows($res) > 0)
author	Michael Tänzer <neo@nhng.de>	2011-07-06 01:01:24 +0200
committer	Michael Tänzer <neo@nhng.de>	2011-07-06 01:01:24 +0200
commit	b5ee07271aea9e0722a7ed58e52f80b495d190d0 (patch)
tree	b7cc38642b6a1a0c29f097c1597083ce266aabd6 /www
parent	00675c949494888ac5f3cd802de41bf6f2caf45b (diff)
download	cacert-devel-b5ee07271aea9e0722a7ed58e52f80b495d190d0.tar.gz cacert-devel-b5ee07271aea9e0722a7ed58e52f80b495d190d0.tar.xz cacert-devel-b5ee07271aea9e0722a7ed58e52f80b495d190d0.zip