| Issue 1805: | Authentication with CLIENT_SSL_CERT_LDAP doesn't work if certificate contains email | |
| 1 person starred this issue and may be notified of changes. | Back to list |
************************************************************ ***** NOTE: THIS BUG TRACKER IS FOR GERRIT CODE REVIEW ***** ***** DO NOT SUBMIT BUGS FOR CHROME, ANDROID, INTERNAL ***** ***** ISSUES WITH YOUR COMPANY'S GERRIT SETUP, ETC. ***** ***** THOSE ISSUE BELONG IN DIFFERENT ISSUE TRACKERS! ***** ************************************************************ Affected Version: 2.5.2 If the Client-SSL-Cert contains an email-address the exception "Couldn't extract username from your certificate" is thrown. To be more precise if certs[0].getSubjectDN().getName() returns something of the form "EMAILADDRESS=abc@domain.com, CN=My Name, OU=users, OU=ABC, DC=domain, DC=local" then the regex "CN=([^,]*),.*" does not match. The FIX is quite simple: In the file com.google.gerrit.httpd.auth.container.HttpsClientSslCertAuthFilter change the pattern from "CN=([^,]*),.*" to ".*CN=([^,]*),.*" on line 45.
Feb 26, 2013
#1
omark...@gmail.com
Feb 27, 2013
(No comment was entered for this change.)
Status:
Submitted
Labels: FixedIn-2.6 |
|
| ► Sign in to add a comment |