Project

General

Profile

Actions

Feature #921

closed

Client SSL Authentication Module

Added by harningt over 14 years ago. Updated over 11 years ago.

Status:
Fixed
Priority:
Normal
Category:
mod_auth
Target version:
-
ASK QUESTIONS IN Forums:

Description

Since SSL is already integrated, there should be a client-certificate authentication module.
I believe such a module exists for Apache (however their SSL implementation looks to be all as a module...) so perhaps somebody can look there for advice...

Maybe this can be integrated such that a Lua script can receive certificate information and map this to usable information... not sure how client-cert auth works in the backend besides the fact that the cert must be signed by a CA in the chain of authorized CA's for client-cert auth...


Files

lighttpd-1.4.13_ssl_client_verify_0.2.patch (4.61 KB) lighttpd-1.4.13_ssl_client_verify_0.2.patch Lars, 2007-03-02 18:14
lighttpd-1.4.16_ssl-client-verify_0.3.patch (8.5 KB) lighttpd-1.4.16_ssl-client-verify_0.3.patch Client SSL Authentication Patch with SSL_CLIENT_S_DN environment variables for CGI/FastCGI/SCGI presbrey, 2007-07-26 14:54

Related issues

Is duplicate of Feature #1288: SSL Client Certificate validation.FixedActions
Actions #1

Updated by Lars over 14 years ago

'''lighttpd-1.4.13_ssl_client_verify_0.2.patch:'''

client validation is controlled with two new config options:


ssl.verify-peer (boolean, default = "disable")
ssl.verify-depth (short, default = 9)

If verification is turned on lighttpd disconnects all clients
which do not provide a valid client certificate.
Note: You will also need the CA file which provides the root
certificate for validation:


ssl.ca-file             = "/path/to/ca.crt" 

example SSL section in 'lighttpd.conf' looks like this:


ssl.engine              = "enable" 
ssl.use-sslv2           = "disable" 
ssl.pemfile             = "/etc/lighttpd/server.pem" 
ssl.ca-file             = "/etc/lighttpd/ca.crt" 
ssl.verify-peer         = "enable" 
ssl.verify-depth        = 1
Actions #2

Updated by Anonymous about 14 years ago

Lars,

Will this patch set all of the environment variables that one would expect to see when using SSL client certificates?

Thanks,

Stan McFarland

-- sfmcfar

Actions #3

Updated by nmaier almost 14 years ago

Ported to trunk, enhanced and backported to 1.4.x: #1288

Thanks Lars for pointing me in the right direction. :D

Actions #4

Updated by stbuehler over 11 years ago

  • Status changed from New to Fixed

Applied in changeset r2688.

Actions

Also available in: Atom