suggested modification to mod_ssl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "users@xxxxxxxxxxxxxxxx" <users@xxxxxxxxxxxxxxxx>
Subject: suggested modification to mod_ssl
From: "Schettler, Marty L." <Martin.L.Schettler@xxxxxxxxxxxxxxxxxxxxxx>
Date: Sat, 26 Oct 2019 19:13:00 +0000
Accept-language: en-US
Reply-to: users@xxxxxxxxxxxxxxxx
Thread-index: AdWMMBs64Mqhe6yHSlCYTN11m8iQ2Q==
Thread-topic: suggested modification to mod_ssl

My application uses a mod_perl fixup handler to connect to an external service to determine user authorization via client PKI certificate.

However, mod_ssl doesn’t reliably supply the client certificate information (in particular SSL_CLIENT_S_DN) in time for my module to process it.

I suggest adding the following at ssl_engine_kernel.c:1333

ssl_hook_Fixup(r);

Does that make sense, or am I missing something? I can’t use FakeBasicAuth because I don’t control the external service that I’m calling.

Thanks!
Marty

Prev by Date: Re: Fwd: Warning from users@xxxxxxxxxxxxxxxx
Next by Date: Re: Fwd: Warning from users@xxxxxxxxxxxxxxxx
Previous by thread: Optimal way to trigger logging if certain URL is accessed
Next by thread: How to convert mod_jk to mod_proxy_ajp on CentOS?
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]

Powered by Linux