You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Andrea Palmieri <pa...@eng.it> on 2005/03/22 10:56:51 UTC

how to invalid an SSL session ?

I am writing some modules to do authentication in a reverse proxy scenario.

In a userid-password authentication mechanism I can invalid an authentication session using

$r->note_basic_auth_failure();
return Apache::AUTH_REQUIRED;  

In this way I can invalid the authentication session and promt the user once more with the user-id password dialog.

Is there a way to reach the same result using SSL session ? 
In this case the client authenticates itself providing a digital certificate (this is done using the "SSLVerifyClient require" directive), but I dont't know how to invalid the SSL session and how to prompt the user with the certificate dialog. 

Can anyone help ?
thanks

Andrea