Revision 5319cf40
Added by Talle over 9 years ago
src/etc/inc/openvpn.auth-user.php | ||
---|---|---|
117 | 117 |
|
118 | 118 |
$authenticated = false; |
119 | 119 |
|
120 |
if (($strictusercn === true) && ($common_name != $username)) {
|
|
120 |
if (($strictusercn === true) && (mb_strtolower($common_name) !== mb_strtolower($username))) {
|
|
121 | 121 |
syslog(LOG_WARNING, "Username does not match certificate common name ({$username} != {$common_name}), access denied.\n"); |
122 | 122 |
if (isset($_GET['username'])) { |
123 | 123 |
echo "FAILED"; |
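Review bot: On new line 120, mb_strtolower() is called without an encoding argument, so the case folding depends on whatever internal encoding is configured; pass it explicitly, e.g. mb_strtolower($common_name, 'UTF-8'), so the comparison behaves the same on every install. The folding also applies unconditionally whenever $strictusercn is true, so a certificate CN now matches any username that differs from it only in case, even if the authentication backend treats those as distinct accounts; consider making the case-insensitive match opt-in, or document it next to the strict-CN setting. The syslog call on line 121 still writes the client-supplied $username verbatim, which would be worth sanitising while this check is being touched.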
Change comparison of username to certificate common name to be safer and case insensitive
Currently the username is compared against the common name using a standard PHP comparison;
this is unsafe because it might do unintended type conversions. So change the != comparison to
an !== comparison to make sure the types match.
Since usernames on Windows systems are not case-sensitive and prone to case differences in
user input or auto-filled fields, we should allow case differences between the username and the
certificate common name.