[ https://issues.apache.org/jira/browse/TS-1584?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thach Tran updated TS-1584: --------------------------- Attachment: 0001-TS-1584-Retaining-some-info-from-client-certificate-.patch Updated patch to also expose client cert's common name and issuer name. > Exposing client SSL certificate verification result in plugin API > ------------------------------------------------------------------ > > Key: TS-1584 > URL: https://issues.apache.org/jira/browse/TS-1584 > Project: Traffic Server > Issue Type: Improvement > Components: SSL, TS API > Affects Versions: 3.3.4 > Reporter: Thach Tran > Assignee: James Peach > Priority: Minor > Labels: patch > Fix For: 3.3.1 > > Attachments: > 0001-Exposing-client-ssl-certificate-verification-result-.patch, > 0001-TS-1584-Retaining-some-info-from-client-certificate-.patch > > > I'm writing an authentication plugin for traffic server and would like to > implement the following logic: > * If the client supplies valid certificate over ssl, allow the transaction > to proceed with no further authentication. > * Otherwise challenge the client with username/password authentication. > Currently if I turn on client certificate checking in TS > (proxy.config.ssl.client.certification_level > 0), the result of the client > certificate verification happens at the SSLNetVConnection level and plugin > hooks have no knowledge of this. This makes implementing the aforementioned > logic not possible. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira