rfc7030 - access tls-unique channel binding value

Hello,

I'm using OpenXPKI, an open-source PKI that relies on Apache.
I would like to follow RFC 7030, section 3.5, which is a way for the EST server to make sure that the CSR comes from the same client with whom the TLS connection has been established (through the tls-unique channel binding).

I'm able to extract this value in my Go client app through the package /tls/crypto and include it in my certificate request (CSR). My Apache server should have access to that tls-unique channel binding too, so it can compare it to the one sent by the client (CSR).

Eventually, I would like my Apache server to expose it through an environment variable; the comparison logic would be kept at the OpenXPKI level.

Is this achievable on Apache?
Does it also work for TLS 1.3, using tls-exporter instead?

Thanks in advance,
Mohamed
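
An added example, not part of the original message and not OpenXPKI or Apache code: a Go sketch of how each TLS endpoint derives the channel binding value the question refers to, using tls-unique (RFC 5929) up to TLS 1.2 and tls-exporter (RFC 9266: label "EXPORTER-Channel-Binding", empty context, 32 bytes) on TLS 1.3. The function names channelBinding and compareEnds are hypothetical, both endpoints are Go's crypto/tls talking over an in-memory pipe, and the certificate is a throwaway generated for the demo.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// channelBinding: tls-unique (RFC 5929) up to TLS 1.2, tls-exporter (RFC 9266) on TLS 1.3.
func channelBinding(cs tls.ConnectionState) ([]byte, error) {
	if cs.Version >= tls.VersionTLS13 { // TLSUnique is always nil on TLS 1.3
		return cs.ExportKeyingMaterial("EXPORTER-Channel-Binding", nil, 32)
	}
	if len(cs.TLSUnique) == 0 {
		return nil, fmt.Errorf("tls-unique unavailable on this connection")
	}
	return cs.TLSUnique, nil
}

// compareEnds handshakes over an in-memory pipe and compares the two ends' values.
func compareEnds(version uint16) (bool, int, error) {
	_, key, _ := ed25519.GenerateKey(rand.Reader) // throwaway key for the demo
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	// Demo config shared by both ends: self-signed cert (so no verification), no tickets.
	cfg := &tls.Config{MinVersion: version, MaxVersion: version, InsecureSkipVerify: true, SessionTicketsDisabled: true,
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	c, s := net.Pipe()
	srv, cli := tls.Server(s, cfg), tls.Client(c, cfg)
	done := make(chan error, 1)
	go func() { done <- srv.Handshake() }()
	if cerr, serr := cli.Handshake(), <-done; err != nil || cerr != nil || serr != nil {
		return false, 0, fmt.Errorf("cert=%v client=%v server=%v", err, cerr, serr)
	}
	cb, _ := channelBinding(cli.ConnectionState())
	sb, err := channelBinding(srv.ConnectionState())
	return err == nil && bytes.Equal(cb, sb), len(sb), err
}

func main() {
	fmt.Println(compareEnds(tls.VersionTLS12))
	fmt.Println(compareEnds(tls.VersionTLS13))
}
```

The value is only meaningful on the endpoint that terminates the client's TLS session, so the comparison has to use the value from that same connection.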
