DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18395>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18395 SSL VerifyClient with POST would be useful ------- Additional Comments From [EMAIL PROTECTED] 2003-11-17 01:13 ------- So I guess Apache 2.0 just can't be used to implement any web services who want to do SSL-based authentication? Here's the scenario where getting the SSL info on a post is absolutely critical: Say I want to make a web service application which clients can call to check on their order status (e.g., processing, shipped, etc.). I have a MySQL database which stores all the customer data (IDs, SSL public keys, etc.). Clients call an XML-RPC method to determine their order status. I want to be able to look up their customer ID based on the SSL cert they're using so I can issue the appropriate response. Pretty simple, right? XML-RPC (and SOAP) are both POST-based. That means if the client calls the XML-RPC method, I have no way of getting at the SSL cert that the client is using, and therefore, cannot validate it with the one I have in the database. This kind of authentication isn't necessarily all that commonplace in a user-driven application, but is quite necessary for use in the world of web services. Is there a workaround in the mean time? Does this work in 1.x? --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
