From 1b8ed0b59d6ada6712118e269246042baba1ed54 Mon Sep 17 00:00:00 2001
From: Thomas Bernard <miniupnp@free.fr>
Date: Tue, 15 Apr 2014 15:40:03 +0200
Subject: [PATCH] miniupnpd/upnpsoap.c: DeviceProtection has to check peer
 certificate

---
 miniupnpd/upnpsoap.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/miniupnpd/upnpsoap.c b/miniupnpd/upnpsoap.c
index 28ee678..9f6eda5 100644
--- a/miniupnpd/upnpsoap.c
+++ b/miniupnpd/upnpsoap.c
@@ -1905,15 +1905,18 @@ GetAssignedRoles(struct upnphttp * h, const char * action)
 		"</u:%sResponse>";
 	char body[1024];
 	int bodylen;
-	const char * RoleList; /* list of roles separated by spaces */
+	const char * RoleList = "Public"; /* list of roles separated by spaces */
 
 #ifdef ENABLE_HTTPS
-	if(h->ssl != NULL)
-		RoleList = "Admin Basic";
-	else
-		RoleList = "Public";
-#else
-	RoleList = "Public";
+	if(h->ssl != NULL) {
+		/* we should get the Roles of the session (based on client certificate) */
+		X509 * peercert;
+		peercert = SSL_get_peer_certificate(h->ssl);
+		if(peercert != NULL) {
+			RoleList = "Admin Basic";
+			X509_free(peercert);
+		}
+	}
 #endif
 
 	bodylen = snprintf(body, sizeof(body), resp,