Hi,
I am very interested.

I have actually done something similar in spirit, but very different.
Using mod_perl and an AuthHandler, I translate a FakeBasicAuthentication
user (the certificate's SubjectDN) to an LDAP user with that SubjectDN
in a special attribute. I was looking for a way to access other
information of the certificate in order to compare it with the one
stored in the LDAP or something like that, but found that I have to
access EAPI information from inside mod_perl and that is pending work.
I handed what I did to Clayton Donley (author of PerLDAP and
Apache-AuthLDAP modules), but he is very busy and never gave me feedback
on what I did. If anyone is interested I can email a copy.

I think your solution could be much better, and, with some time
constraints, I offer to help with what I can.

Regards, Alf

Andrea e Luca Giacobazzi wrote:

>  Hi everybody, my name is Andrea Giacobazzi, and I'm developing a
> patch for mod_ssl exactly in function ssl_engine_kernel.c (look at
> labels "Giacob") to realize an ocsp responder to verify client
> certificate, during client authentication. It works with LDAP
> directory v2 and looks for the client cert in the directory: if it's
> present set ocsp status GOOD else set ocsp status SUSPENDED. You can
> change the directory name in ldapservers var. Anyone interested in it?
> Any hints? I'd like to realize a complete ocsp responder for ldap,
> and also http then, compliant with IETF directives (see ocsp draft) and
> maybe include it in mod_ssl. I'd like also to submit the activation of
> ocsp check to the config file of apache server: how is it possible to do
> that? Thanks

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)  www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]
