httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joost de Heer <jo...@sanguis.xs4all.nl>
Subject Re: asking mod_ssl for client certificates from another module
Date Fri, 05 Aug 2005 07:07:56 GMT
Daniel Risacher wrote:

>I've been trying to figure out if there is a way to ask mod_ssl to
>require client certificates from another module before the response
>phase.  (I think the answer is 'no'.)
>
>In more detail, I'm prototyping an access handler that would allow
>requests from certain client IP addresses, and require client
>certificates from all others.  It seems like mod_ssl API does not have
>a hook for requesting a renegotiation; and that this can only be done
>on a per directory basis at configure time.  
>
>Can someone who understands mod_ssl comment on how to dynamically
>force client authentication?  Would it be feasible to make such an
>extension to the mod_ssl API?  
>
>Dan
>  
>
Untested:

SSLVerifyClient optional
SSLRequire REMOTE_ADDR =~ pattern or %{SSL_CLIENT_S_DN_O} eq "Your 
Organisation"

Joost

Mime
View raw message