diff options
author | Renato Botelho <renato@netgate.com> | 2015-12-07 13:30:31 -0200 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2015-12-07 13:30:31 -0200 |
commit | 45dceed15bb1e96c278ced739542bb1e98257ad6 (patch) | |
tree | 3102936fb4cd0e1ee921bdf01bbbbf554b8396ea /src | |
parent | b2f154ac191b8fb70ba187d5edc9428db36091b1 (diff) | |
parent | 5319cf409c37343c7553a14c9636cb31862cb245 (diff) | |
download | pfsense-45dceed15bb1e96c278ced739542bb1e98257ad6.zip pfsense-45dceed15bb1e96c278ced739542bb1e98257ad6.tar.gz |
Merge pull request #2157 from ttalle/openvpn_certificate_cn_username_validation
Diffstat (limited to 'src')
-rw-r--r-- | src/etc/inc/openvpn.auth-user.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/etc/inc/openvpn.auth-user.php b/src/etc/inc/openvpn.auth-user.php index f994eb7..d258135 100644 --- a/src/etc/inc/openvpn.auth-user.php +++ b/src/etc/inc/openvpn.auth-user.php @@ -117,7 +117,7 @@ if (file_exists("{$g['varetc_path']}/openvpn/{$modeid}.ca")) { $authenticated = false; -if (($strictusercn === true) && ($common_name != $username)) { +if (($strictusercn === true) && (mb_strtolower($common_name) !== mb_strtolower($username))) { syslog(LOG_WARNING, "Username does not match certificate common name ({$username} != {$common_name}), access denied.\n"); if (isset($_GET['username'])) { echo "FAILED"; |