You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "James Peach (JIRA)" <ji...@apache.org> on 2013/10/09 06:53:45 UTC
[jira] [Comment Edited] (TS-1584) Exposing client SSL certificate
verification result in plugin API
[ https://issues.apache.org/jira/browse/TS-1584?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13790022#comment-13790022 ]
James Peach edited comment on TS-1584 at 10/9/13 4:53 AM:
----------------------------------------------------------
I think we can aim for 4.x.
was (Author: jamespeach):
I think we can
> Exposing client SSL certificate verification result in plugin API
> ------------------------------------------------------------------
>
> Key: TS-1584
> URL: https://issues.apache.org/jira/browse/TS-1584
> Project: Traffic Server
> Issue Type: Improvement
> Components: SSL, TS API
> Affects Versions: 3.3.4
> Reporter: Thach Tran
> Assignee: James Peach
> Priority: Minor
> Labels: patch
> Fix For: 5.0.0
>
> Attachments: 0001-Exposing-client-ssl-certificate-verification-result-.patch, 0001-TS-1584-Retaining-some-info-from-client-certificate-.patch
>
>
> I'm writing an authentication plugin for traffic server and would like to implement the following logic:
> * If the client supplies valid certificate over ssl, allow the transaction to proceed with no further authentication.
> * Otherwise challenge the client with username/password authentication.
> Currently if I turn on client certificate checking in TS (proxy.config.ssl.client.certification_level > 0), the result of the client certificate verification happens at the SSLNetVConnection level and plugin hooks have no knowledge of this. This makes implementing the aforementioned logic not possible.
--
This message was sent by Atlassian JIRA
(v6.1#6144)