httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Simo Sorce <s...@redhat.com>
Subject [PATCH] Support RFC5929 - Channel Bindings for TLS
Date Tue, 05 Aug 2014 22:24:29 GMT
Hello dev,

I have been working for a little while on making it possible to use
channel bindings within an Apache server.
In order to do that some support to extract information form the TLS
layer is necessary in the server.

The attached patch adds a new function call that modules can call in
order to obtain the channel binding data defined in RFC 5929.

I've tested that the patch works (at least for tls-server-end-point)
with the following:
- Apache 2.4.10 + patch
- mod_auth_gssapi [1] with support for the new function
- gss-ntlmssp [2]
- Internet Explorer on a modern Windows machine, performing
SPNEGO/GSSAPI/NTLMSSP auth + channel bindings

Any feedback is welcome,
Simo.


[1] https://github.com/modauthgssapi/mod_auth_gssapi
[2] https://fedorahosted.org/gss-ntlmssp/

-- 
Simo Sorce * Red Hat, Inc * New York

Mime
View raw message