You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modules-dev@httpd.apache.org by Michael Sierks <ms...@sierkstech.net> on 2010/09/22 08:11:51 UTC

mod_ssl with dbd support

  Hi,

I would like to have mod_ssl retrieve certificate information from a 
database according to the request URI specifically using the dbd 
framework. I am not completely sure it is even possible. But if it were, 
what would be the best way to get this functionality ? Could a module be 
made to extend mod_ssl or does mod_ssl itself have to be modified ? If 
anyone could give me some more information about the best way to solve 
this problem, it would be greatly appreciated.

Regards,

Michael Sierks

Re: mod_ssl with dbd support

Posted by Michael Sierks <ms...@sierkstech.net>.

  Sorry, I was incorrect. I need the certificate to be taken from then 
database depending upon the IP Address used to connect or the SNI.

On 09/22/2010 05:44 AM, William A. Rowe Jr. wrote:
> On 9/22/2010 1:11 AM, Michael Sierks wrote:
>> I would like to have mod_ssl retrieve certificate information from a database according to
>> the request URI
> That doesn't work, because you don't see a URI until the SSL session is established,
> including the server and client certificates.


-- 
Michael Sierks
Software Developer
-------------------------------
SierksTech
668 Glenway Avenue
Winnipeg, MB Canada R2G 1J1
p: 1-204-223-0279
www.sierkstech.net

Re: mod_ssl with dbd support

Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.

On 9/22/2010 1:11 AM, Michael Sierks wrote:
> 
> I would like to have mod_ssl retrieve certificate information from a database according to
> the request URI

That doesn't work, because you don't see a URI until the SSL session is established,
including the server and client certificates.

Re: mod_ssl with dbd support

Posted by Mads Toftum <ma...@toftum.dk>.

On Wed, Sep 22, 2010 at 01:11:51AM -0500, Michael Sierks wrote:
> I would like to have mod_ssl retrieve certificate information from a
> database according to the request URI specifically using the dbd
> framework. I am not completely sure it is even possible. But if it
> were, what would be the best way to get this functionality ? Could a
> module be made to extend mod_ssl or does mod_ssl itself have to be
> modified ? If anyone could give me some more information about the
> best way to solve this problem, it would be greatly appreciated.
> 
There seems to be a bit missing about just what it is you'd want mod_ssl
to retrieve from the dbd? A list of allowed client certs? because then
you could probably get much the same effect with either SSLusername or
SSLOptions FakeBasicAuth and the authn dbd module.

vh

Mads Toftum
-- 
http://soulfood.dk