jakarta-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Re: Jakarta and SSL client certificates
Date Thu, 04 Nov 1999 18:09:27 GMT
Michal Mosiewicz wrote:
> 
> Paul Frieden wrote:
> > [...]
> > Is there any support for these features planned at this point?  If not,
> > I would be willing to help make the changes.  This would require changes
> > to the protocol to add the additional variables, which would quite
> > possibly introduce incompatibility.
> 
> Yes, it is planned in the next ajpv12 incarnation. The problem is that
> AFAIR there is more than one ssl implementation for apache, and I have
> to check them first to be able to provide consistent solution.

They're all based on OpenSSL, though, so access to certificates should
be fairly uniform.

One snag: in Apache-SSL, at least, access to client certificates is
optional. This is because they have to be cached when session caching is
enabled, which consumes resources. If certificate caching is switched
off, then they are only available on the first connection. Just warning
you about a potential pitfall.

> Just need a spare day, and will do it.

Yell if you need help: this is something I've been meaning to look at
for a while.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi

Mime
View raw message