From 3224e870197e1f4adf84ee26229e33274b88f41b Mon Sep 17 00:00:00 2001
From: Daan van Renterghem <dvrenterghem@ibuildings.nl>
Date: Thu, 11 Sep 2014 16:47:07 +0200
Subject: [PATCH] Fix client-certificate match if-check `preg_match` returns `0` if no matches are found, `FALSE` only on error. This means that with the previous check unmatching certificates would not be identified, only when the preg_match itself would error.
---
 modules/saml/lib/Message.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index 61d6e1fdf..0d8efe143 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -621,8 +621,9 @@ class sspmod_saml_Message {
 /* Extract certificate data (if this is a certificate). */
 $clientCert = $_SERVER['SSL_CLIENT_CERT'];
 $pattern = '/^-----BEGIN CERTIFICATE-----([^-]*)^-----END CERTIFICATE-----/m';
- if (preg_match($pattern, $clientCert, $matches) === FALSE) {
- $lastError = 'No valid client certificate provided during TLS Handshake with SP';
+ if (!preg_match($pattern, $clientCert, $matches)) {
+ $lastError = 'Error while looking for client certificate during TLS handshake with SP, the client certificate does not '
+ . 'have the expected structure';
 continue;
 }
 /* We have a valid client certificate from the browser. */
-- GitLab
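Review bot: The new `!preg_match(...)` condition is the fail-closed form, but nothing at the `if` records why a loose falsy test is required, so a later tidy-up toward strict comparison could bring back the `=== FALSE` bug and let an unparseable `SSL_CLIENT_CERT` fall through to the code marked "We have a valid client certificate". I would add a comment above the condition, `/* preg_match() returns 0 for no match and FALSE on a PCRE error; both must reject the certificate. */`. Separately, `([^-]*)` also matches a BEGIN/END pair with no base64 content and the pattern is not anchored after the END line, so the code that consumes `$matches[1]` presumably has to reject an empty or whitespace-only capture; that code is outside the hunk, as are the start and end of the enclosing loop body, so this should be confirmed there.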