RE: SSL validation

Mon, 02 Apr 2001 07:40:37 -0700 

In an authentication module, I wanted to be sure that the server was
properly configured before even trying to get the password (we *must* not
send our passwords unencrypted.) It may not be the best way or even solve
your problem, but I used the SSL ctx information:

   /* if we don't have an SSL connection, we're not even going
      to ask for the Kerberos Password, you can't get here from there */
   ssl = ap_ctx_get(r->connection->client->ctx, "ssl");
   if (ssl == NULL ) {
      kerb_log_msg(r->connection->base_server,r,"Non SSL Connection - Ker
uthentication not allowed");
      return HTTP_FORBIDDEN;

Maybe it will help.

Deborah Hansknecht
Sandia National Laboratories
[EMAIL PROTECTED]
505 844-6532 

> -----Original Message-----
> From: Manne Anliot [mailto:[EMAIL PROTECTED]]
> Sent: April 02, 2001 4:41 AM
> To: '[EMAIL PROTECTED]'
> Subject: SSL validation
> 
> 
> Hi all,
> 
> New to mod_ssl I've stumled upon a very disturbing problem: 
> I'm coding an
> Apache module that needs to know whether we have a secure 
> (SSL) connection
> or not in the URI Translation phase. We've solved this problem on for
> example MS IIS by checking SSI/CGI environments with the standard SSL
> information (HTTPS=on). A quick look in the mod_ssl source 
> reveals that this
> variable isn't set before the pre-run fixup phase (just 
> before the response
> handlers), so this solution seems inadequate.
> 
> So in short: How can a module check if the current request is 
> a secure one?
> (without workarounds à la specifying secure ports in 
> configuration files
> etc)
> 
> A mod_ssl solution or even better a generic SSL solution 
> would be soo much
> appretiated.
> 
> (Apache/1.3.14, mod_ssl/2.7.2, OpenSSL/0.9.6)
> 
> Regards,
> Manne Anliot
> Sweden.
> 
> mailto:[EMAIL PROTECTED]
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to