Feature #921

closed

Client SSL Authentication Module

Added by harningt over 17 years ago. Updated over 14 years ago.

Status: Fixed
Priority: Normal
Category: mod_auth
Target version: -

Description

Since SSL is already integrated, there should be a client-certificate authentication module.
I believe such a module exists for Apache (however their SSL implementation looks to be all as a module...) so perhaps somebody can look there for advice...

Maybe this can be integrated such that a Lua script can receive certificate information and map this to usable information... not sure how client-cert auth works in the backend besides the fact that the cert must be signed by a CA in the chain of authorized CAs for client-cert auth...


Files

lighttpd-1.4.13_ssl_client_verify_0.2.patch (4.61 KB), Lars, 2007-03-02 18:14
lighttpd-1.4.16_ssl-client-verify_0.3.patch (8.5 KB), Client SSL Authentication Patch with SSL_CLIENT_S_DN environment variables for CGI/FastCGI/SCGI, presbrey, 2007-07-26 14:54

Related issues 1 (0 open, 1 closed)

Is duplicate of Feature #1288: SSL Client Certificate validation. (Fixed)
Actions #1

Updated by Lars about 17 years ago

lighttpd-1.4.13_ssl_client_verify_0.2.patch:

Client validation is controlled with two new config options:


ssl.verify-peer (boolean, default = "disable")
ssl.verify-depth (short, default = 9)

If verification is turned on, lighttpd disconnects all clients which do not provide a valid client certificate.
Note: You will also need the CA file which provides the root certificate for validation:


ssl.ca-file             = "/path/to/ca.crt" 

An example SSL section in 'lighttpd.conf' looks like this:


ssl.engine              = "enable" 
ssl.use-sslv2           = "disable" 
ssl.pemfile             = "/etc/lighttpd/server.pem" 
ssl.ca-file             = "/etc/lighttpd/ca.crt" 
ssl.verify-peer         = "enable" 
ssl.verify-depth        = 1
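
A small checker for the options described in the comment above, added here as an illustration and not part of the patch or of lighttpd: it parses a flat lighttpd.conf fragment and reports option combinations that leave client-certificate verification ineffective. The function names are hypothetical, conditional blocks are not interpreted (the last assignment wins), and the WEAK sample is constructed.

```python
import re

# Defaults as stated in the patch description: verification off, depth 9.
DEFAULTS = {"ssl.verify-peer": "disable", "ssl.verify-depth": "9"}

# Matches `ssl.option = "value"` or `ssl.option = 1`, with an optional trailing comment.
ASSIGN = re.compile(r'^\s*(ssl\.[\w-]+)\s*=\s*"?([^"#]*?)"?\s*(?:#.*)?$')

def parse_ssl_options(conf_text):
    """Collect ssl.* assignments from a flat config fragment (last one wins)."""
    opts = dict(DEFAULTS)
    for line in conf_text.splitlines():
        m = ASSIGN.match(line)  # commented-out lines do not match
        if m:
            opts[m.group(1)] = m.group(2).strip()
    return opts

def audit_client_verify(conf_text):
    """Return a list of findings; an empty list means the options are consistent."""
    opts = parse_ssl_options(conf_text)
    if opts["ssl.verify-peer"] != "enable":
        return ["ssl.verify-peer is not enabled: client certificates are not verified"]
    findings = []
    if opts.get("ssl.engine") != "enable":
        findings.append("ssl.verify-peer is enabled but ssl.engine is not")
    if not opts.get("ssl.ca-file"):
        findings.append("ssl.verify-peer is enabled but ssl.ca-file is missing")
    depth = opts["ssl.verify-depth"]
    if not depth.isdigit():
        findings.append(f"ssl.verify-depth must be a non-negative integer, got {depth!r}")
    return findings

# The example section from the comment above.
PAGE_EXAMPLE = '''
ssl.engine              = "enable"
ssl.use-sslv2           = "disable"
ssl.pemfile             = "/etc/lighttpd/server.pem"
ssl.ca-file             = "/etc/lighttpd/ca.crt"
ssl.verify-peer         = "enable"
ssl.verify-depth        = 1
'''

# Constructed sample: verification enabled, CA file commented out.
WEAK = '''
ssl.engine      = "enable"
ssl.pemfile     = "/etc/lighttpd/server.pem"
# ssl.ca-file   = "/etc/lighttpd/ca.crt"
ssl.verify-peer = "enable"
'''

if __name__ == "__main__":
    for name, conf in (("page example", PAGE_EXAMPLE), ("weak", WEAK)):
        print(name, audit_client_verify(conf) or "ok")
```
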
Actions #2

Updated by Anonymous almost 17 years ago

Lars,

Will this patch set all of the environment variables that one would expect to see when using SSL client certificates?

Thanks,

Stan McFarland

-- sfmcfar

Actions #3

Updated by nmaier over 16 years ago

Ported to trunk, enhanced and backported to 1.4.x: #1288

Thanks Lars for pointing me in the right direction. :D

Actions #4

Updated by stbuehler over 14 years ago

  • Status changed from New to Fixed

Applied in changeset r2688.
