On Tuesday, 12/02/2008 at 10:40 EST, Alan Ackerman <[EMAIL PROTECTED]> wrote:
> True, you can use SSLSERV instead, but it does not support client-side ce > rtificates. None of the > CGI environment variables are set, as it is "transparent" to the server. > Sometimes you do not want > to be so transparent. Any chance that IBM will support client-side certif > icates sometime soon? What sort of information about the SSL session is useful to an app? We have thrown around the idea of an ibmsockopt or ioctl that would tell the app whether or not the session is protected and, if so, by what encryption suite. (The info is available in the Pascal API, but not C.) Supporting client-side certificates is only useful (IMO) if you have a way to correlate the client cert to a user ID registry. I think that it is safe to say that "soon" would not be an adjective to use in this case. Alan Altmark z/VM Development IBM Endicott
