Hi !!!
I grabbed many parts of ssl_mod to develop an SSL proxy using certificates to
restrict access to internal resources
(http://www.multimania.com/jonama/)...
Questions:
1) It's not clear whether SSLCACertificatePath must point to a directory
with client certs or a directory with well-known CA certs (i.e.
Thawte/Verisign...).
2) Does mod_ssl need hashed filenames in CAPath, since it parses all files in
the directory ???
.........
    if (cpCApath != NULL) {
        dir = ap_popendir(p, cpCApath);
        while ((direntry = readdir(dir)) != NULL) {
            cp = ap_pstrcat(p, cpCApath, "/", direntry->d_name, NULL);
            sk = SSL_load_client_CA_file(cp);
            for (n = 0; sk != NULL && n < sk_num(sk); n++) {
                ssl_log(s, SSL_LOG_TRACE,
                        "CA certificate: %s",
                        X509_NAME_oneline((X509_NAME *)sk_value(sk, n),
                                          NULL, 0));
                if (sk_find(skCAList, sk_value(sk, n)) < 0)
                    sk_push(skCAList, sk_value(sk, n));
            }
        }
        ap_pclosedir(p, dir);
    }
.........
3) When and where is the client certificate verification done in mod_ssl?
4) I've got a WebServer certificate from Thawte. Can I use it or modify
it to sign my own certificates ???
1) Thawte
2) my WWW certificate
3) my clients' certs
Thanks...
+---------------------------------------------+
| | S.L.I.B |
| ____[_]____ | 5 Place Charles Béraudier |
| (. .) | 69428 Lyon Cedex 03 |
+-oOOo--(_)--oOOo-----------------------------+
| Tel: 0472367723 |
| Henri Gomez [EMAIL PROTECTED] Fax: 0472367778 |
+---------------------------------------------+
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]