From 3224e870197e1f4adf84ee26229e33274b88f41b Mon Sep 17 00:00:00 2001
From: Daan van Renterghem <dvrenterghem@ibuildings.nl>
Date: Thu, 11 Sep 2014 16:47:07 +0200
Subject: [PATCH] Fix client-certificate match if-check

`preg_match` returns `0` if no match is found and `FALSE` only on error. This means that the previous check did not identify non-matching certificates; it only triggered when `preg_match` itself returned an error.
---
 modules/saml/lib/Message.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index 61d6e1fdf..0d8efe143 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -621,8 +621,9 @@ class sspmod_saml_Message {
 				/* Extract certificate data (if this is a certificate). */
 				$clientCert = $_SERVER['SSL_CLIENT_CERT'];
 				$pattern = '/^-----BEGIN CERTIFICATE-----([^-]*)^-----END CERTIFICATE-----/m';
-				if (preg_match($pattern, $clientCert, $matches) === FALSE) {
-				    $lastError = 'No valid client certificate provided during TLS Handshake with SP';
+				if (!preg_match($pattern, $clientCert, $matches)) {
+				    $lastError = 'Error while looking for client certificate during TLS handshake with SP, the client certificate does not '
+				                 . 'have the expected structure';
 				    continue;
 				}
 				/* We have a valid client certificate from the browser. */
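Review bot: The truthiness test on the new `if (!preg_match(...))` line rejects both the no-match result (`0`) and the PCRE error result (`FALSE`), which is the correct fail-closed behaviour for a certificate check, but it leaves that intent implicit on the very line that was wrong before. I would spell it out as `if (preg_match($pattern, $clientCert, $matches) !== 1) {` and add a comment such as `/* preg_match() returns 0 on no match and FALSE on error; both must reject the certificate. */` so a later cleanup does not reintroduce the `=== FALSE` comparison. Both outcomes now share one `$lastError` text, so a PCRE failure would be reported as a malformed certificate; whether that distinction matters depends on how `$lastError` is surfaced, which is outside the hunk. The enclosing loop, and any check that `$_SERVER['SSL_CLIENT_CERT']` is set before it is read, also lie outside the hunk and cannot be confirmed from here.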
-- 
GitLab