Feature #921
closed
Client SSL Authentication Module
Description
Since SSL is already integrated, there should be a client-certificate authentication module.
I believe such a module exists for Apache (however their SSL implementation looks to be all as a module...) so perhaps somebody can look there for advice...
Maybe this can be integrated such that a Lua script can receive certificate information and map this to usable information... not sure how client-cert auth works in the backend besides the fact that the cert must be signed by a CA in the chain of authorized CAs for client-cert auth...
Updated by Lars over 17 years ago
lighttpd-1.4.13_ssl_client_verify_0.2.patch:
Client validation is controlled with two new config options:
ssl.verify-peer (boolean, default = "disable")
ssl.verify-depth (short, default = 9)
If verification is turned on lighttpd disconnects all clients
which do not provide a valid client certificate.
Note: You will also need the CA file which provides the root
certificate for validation:
ssl.ca-file = "/path/to/ca.crt"
Example SSL section in 'lighttpd.conf' looks like this:
ssl.engine = "enable"
ssl.use-sslv2 = "disable"
ssl.pemfile = "/etc/lighttpd/server.pem"
ssl.ca-file = "/etc/lighttpd/ca.crt"
ssl.verify-peer = "enable"
ssl.verify-depth = 1
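Added example (not part of Lars's comment or of the patch): a small Python check that audits a lighttpd.conf fragment for the options described above, using the defaults quoted in the comment. The function names and the sample fragments are constructed for illustration, and the parser assumes a flat config without conditionals or includes.

```python
import re

# Defaults as stated in the patch description above.
DEFAULTS = {"ssl.verify-peer": "disable", "ssl.verify-depth": "9"}

# key = "quoted value"  or  key = bare_value, optional trailing # comment
_ASSIGN = re.compile(r'^\s*([A-Za-z0-9_.-]+)\s*=\s*(?:"([^"]*)"|(\S+))\s*(?:#.*)?$')


def parse_options(conf_text):
    """Collect `key = value` assignments; the last assignment wins.

    Assumption: flat config; $SERVER[...] blocks and includes are not evaluated.
    """
    opts = {}
    for line in conf_text.splitlines():
        m = _ASSIGN.match(line)
        if m:
            opts[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return opts


def audit_client_cert(conf_text):
    """Return a list of findings; an empty list means the checks passed."""
    opts = {**DEFAULTS, **parse_options(conf_text)}
    findings = []
    if opts.get("ssl.engine") != "enable":
        findings.append("ssl.engine is not enabled; client certificates are never requested")
    if opts["ssl.verify-peer"] != "enable":
        findings.append("ssl.verify-peer is not enabled; clients without a certificate are accepted")
    elif not opts.get("ssl.ca-file"):
        findings.append("ssl.verify-peer is enabled but ssl.ca-file is missing; no CA to validate against")
    if opts.get("ssl.use-sslv2") == "enable":
        findings.append("ssl.use-sslv2 is enabled")
    return findings


# Constructed sample fragments. PAGE_EXAMPLE mirrors the section quoted above.
PAGE_EXAMPLE = '''ssl.engine = "enable"
ssl.use-sslv2 = "disable"
ssl.pemfile = "/etc/lighttpd/server.pem"
ssl.ca-file = "/etc/lighttpd/ca.crt"
ssl.verify-peer = "enable"
ssl.verify-depth = 1
'''
NO_CA = PAGE_EXAMPLE.replace('ssl.ca-file = "/etc/lighttpd/ca.crt"\n', "")
NO_VERIFY = PAGE_EXAMPLE.replace('ssl.verify-peer = "enable"\n', "")

if __name__ == "__main__":
    for name, conf in (("page example", PAGE_EXAMPLE), ("no CA", NO_CA), ("no verify", NO_VERIFY)):
        print(name, "->", audit_client_cert(conf) or "ok")
```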
Updated by Anonymous over 17 years ago
Lars,
Will this patch set all of the environment variables that one would expect to see when using SSL client certificates?
Thanks,
Stan McFarland
sfmcfar@gmail.com
-- sfmcfar
Updated by nmaier over 17 years ago
Ported to trunk, enhanced and backported to 1.4.x: #1288
Thanks Lars for pointing me in the right direction. :D
Updated by stbuehler about 15 years ago
- Status changed from New to Fixed
Applied in changeset r2688.