From d21218b416c7f26cb42a491bbd04bcd0d6a65b51 Mon Sep 17 00:00:00 2001 From: Aki Tuomi Date: Wed, 16 Jan 2019 18:28:57 +0200 Subject: [PATCH 1/3] auth: Do not import empty certificate username --- src/auth/auth-request.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: dovecot-2.3.2.1/src/auth/auth-request.c =================================================================== --- dovecot-2.3.2.1.orig/src/auth/auth-request.c 2019-01-28 08:49:08.117668002 -0500 +++ dovecot-2.3.2.1/src/auth/auth-request.c 2019-01-28 08:49:08.113667992 -0500 @@ -454,7 +454,7 @@ bool auth_request_import_auth(struct aut else if (strcmp(key, "valid-client-cert") == 0) request->valid_client_cert = TRUE; else if (strcmp(key, "cert_username") == 0) { - if (request->set->ssl_username_from_cert) { + if (request->set->ssl_username_from_cert && *value != '\0') { /* get username from SSL certificate. it overrides the username given by the auth mechanism. */ request->user = p_strdup(request->pool, value);