Hi all,
NaHi schrieb:
Test suite of http-access2 has the server.
http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/lib/http-access2/test/
See the :SSLVerifyClient option in sslsvr.rb.
Thanks for the tip. I take a look - but dont understand :-(.
What are the options OpenSSL::SSL::VERIFY_PEER and OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT standing for?
My job is to write a HTTPS-secured server that must authenticate the client (Internet Explorer) with certificates.
Thanks,
Roland
Hi,
From: SchmittR@t-systems.com
Sent: Wednesday, February 04, 2004 10:35 PM
Thanks for the tip. I take a look - but dont understand :-(.
What are the options OpenSSL::SSL::VERIFY_PEER and
OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT standing for?
These options are just for your purpose.
See NOTES section of
http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html
My job is to write a HTTPS-secured server that must
authenticate the client (Internet Explorer) with certificates.
sslsvr.rb with above options should work as you expected.
Run sslsvr.rb and hit https://localhost:17171/hello with browser.
sslsvr.rb should deny the access.
Then, import client.cert and client.key into your browser and
hit the URL again.
In do_hello block, you can get the client certificate which is
verified in a session with req.meta_vars[‘SSL_CLIENT_CERT’]
Regards,
// NaHi
Hi,
From: “NAKAMURA, Hiroshi” nahi@keynauts.com
Sent: Thursday, February 05, 2004 5:18 PM
In do_hello block, you can get the client certificate which is
verified in a session with req.meta_vars[‘SSL_CLIENT_CERT’]
There is another way to know who is the client.
req.client_cert is an instance of OpenSSL::X509::Certificate.
See req.client_cert.subject to see who is the authenticated client.
Regards,
// NaHi