[jira] [Updated] (TS-1584) Exposing client SSL certificate verification result in plugin API
[ https://issues.apache.org/jira/browse/TS-1584?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Leif Hedstrom updated TS-1584: -- Fix Version/s: (was: 5.0.0) Exposing client SSL certificate verification result in plugin API -- Key: TS-1584 URL: https://issues.apache.org/jira/browse/TS-1584 Project: Traffic Server Issue Type: Improvement Components: SSL, TS API Affects Versions: 3.3.4 Reporter: Thach Tran Assignee: James Peach Priority: Minor Labels: patch Attachments: 0001-Exposing-client-ssl-certificate-verification-result-.patch, 0001-TS-1584-Retaining-some-info-from-client-certificate-.patch I'm writing an authentication plugin for traffic server and would like to implement the following logic: * If the client supplies valid certificate over ssl, allow the transaction to proceed with no further authentication. * Otherwise challenge the client with username/password authentication. Currently if I turn on client certificate checking in TS (proxy.config.ssl.client.certification_level 0), the result of the client certificate verification happens at the SSLNetVConnection level and plugin hooks have no knowledge of this. This makes implementing the aforementioned logic not possible. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (TS-1584) Exposing client SSL certificate verification result in plugin API
[ https://issues.apache.org/jira/browse/TS-1584?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] James Peach updated TS-1584: Fix Version/s: (was: 6.0.0) 5.0.0 Exposing client SSL certificate verification result in plugin API -- Key: TS-1584 URL: https://issues.apache.org/jira/browse/TS-1584 Project: Traffic Server Issue Type: Improvement Components: SSL, TS API Affects Versions: 3.3.4 Reporter: Thach Tran Assignee: James Peach Priority: Minor Labels: patch Fix For: 5.0.0 Attachments: 0001-Exposing-client-ssl-certificate-verification-result-.patch, 0001-TS-1584-Retaining-some-info-from-client-certificate-.patch I'm writing an authentication plugin for traffic server and would like to implement the following logic: * If the client supplies valid certificate over ssl, allow the transaction to proceed with no further authentication. * Otherwise challenge the client with username/password authentication. Currently if I turn on client certificate checking in TS (proxy.config.ssl.client.certification_level 0), the result of the client certificate verification happens at the SSLNetVConnection level and plugin hooks have no knowledge of this. This makes implementing the aforementioned logic not possible. -- This message was sent by Atlassian JIRA (v6.1.5#6160)
[jira] [Updated] (TS-1584) Exposing client SSL certificate verification result in plugin API
[ https://issues.apache.org/jira/browse/TS-1584?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Thach Tran updated TS-1584: --- Attachment: 0001-TS-1584-Retaining-some-info-from-client-certificate-.patch Updated patch to also expose client cert's common name and issuer name. Exposing client SSL certificate verification result in plugin API -- Key: TS-1584 URL: https://issues.apache.org/jira/browse/TS-1584 Project: Traffic Server Issue Type: Improvement Components: SSL, TS API Affects Versions: 3.3.4 Reporter: Thach Tran Assignee: James Peach Priority: Minor Labels: patch Fix For: 3.3.1 Attachments: 0001-Exposing-client-ssl-certificate-verification-result-.patch, 0001-TS-1584-Retaining-some-info-from-client-certificate-.patch I'm writing an authentication plugin for traffic server and would like to implement the following logic: * If the client supplies valid certificate over ssl, allow the transaction to proceed with no further authentication. * Otherwise challenge the client with username/password authentication. Currently if I turn on client certificate checking in TS (proxy.config.ssl.client.certification_level 0), the result of the client certificate verification happens at the SSLNetVConnection level and plugin hooks have no knowledge of this. This makes implementing the aforementioned logic not possible. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (TS-1584) Exposing client SSL certificate verification result in plugin API
[ https://issues.apache.org/jira/browse/TS-1584?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Leif Hedstrom updated TS-1584: -- Fix Version/s: 3.3.1 Exposing client SSL certificate verification result in plugin API -- Key: TS-1584 URL: https://issues.apache.org/jira/browse/TS-1584 Project: Traffic Server Issue Type: Improvement Components: SSL, TS API Affects Versions: 3.3.4 Reporter: Thach Tran Assignee: James Peach Priority: Minor Labels: patch Fix For: 3.3.1 Attachments: 0001-Exposing-client-ssl-certificate-verification-result-.patch I'm writing an authentication plugin for traffic server and would like to implement the following logic: * If the client supplies valid certificate over ssl, allow the transaction to proceed with no further authentication. * Otherwise challenge the client with username/password authentication. Currently if I turn on client certificate checking in TS (proxy.config.ssl.client.certification_level 0), the result of the client certificate verification happens at the SSLNetVConnection level and plugin hooks have no knowledge of this. This makes implementing the aforementioned logic not possible. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (TS-1584) Exposing client SSL certificate verification result in plugin API
[ https://issues.apache.org/jira/browse/TS-1584?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Thach Tran updated TS-1584: --- Attachment: 0001-Exposing-client-ssl-certificate-verification-result-.patch I included a unittest for the new function in the API but it's rather useless in which it's only test the case of plain non-ssl client connection. Exposing client SSL certificate verification result in plugin API -- Key: TS-1584 URL: https://issues.apache.org/jira/browse/TS-1584 Project: Traffic Server Issue Type: Improvement Components: SSL, TS API Affects Versions: 3.3.4 Reporter: Thach Tran Priority: Minor Labels: patch Attachments: 0001-Exposing-client-ssl-certificate-verification-result-.patch I'm writing an authentication plugin for traffic server and would like to implement the following logic: * If the client supplies valid certificate over ssl, allow the transaction to proceed with no further authentication. * Otherwise challenge the client with username/password authentication. Currently if I turn on client certificate checking in TS (proxy.config.ssl.client.certification_level 0), the result of the client certificate verification happens at the SSLNetVConnection level and plugin hooks have no knowledge of this. This makes implementing the aforementioned logic not possible. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
