Client SSL Authentication Module
Since SSL is already integrated, there should be a client-certificate authentication module.
I believe such a module exists for Apache (however their SSL implementation looks to be all as a module...) so perhaps somebody can look there for advice...
Maybe this can be integrated such that a Lua script can receive certificate information and map this to usable information... not sure how client-cert auth works in the backend besides the fact that the cert must be signed by a CA in the chain of authorized CA's for client-cert auth...
Updated by Lars almost 15 years ago
client validation is controlled with two new config options:
ssl.verify-peer (boolean, default = "disable") ssl.verify-depth (short, default = 9)
If verification is turned on lighttpd disconnects all clients
which do not provide a valid client certificate.
Note: You will also need the CA file which provides the root
certificate for validation:
ssl.ca-file = "/path/to/ca.crt"
example SSL section in 'lighttpd.conf' looks like this:
ssl.engine = "enable" ssl.use-sslv2 = "disable" ssl.pemfile = "/etc/lighttpd/server.pem" ssl.ca-file = "/etc/lighttpd/ca.crt" ssl.verify-peer = "enable" ssl.verify-depth = 1
Also available in: Atom