Nope, and I you found some *plasse* tell to us!!
Regards, Alfredo
Eddie Dunckley wrote:
> I've discovered the crypto.signText(sometext, "ask") procedure in javascript
> v1.2 and was very pleased that I can sign html form data with the client
> certificate.
>
> This however works only in
Laura,
The OID you are talking about is OID=0.9.2342.19200300.100.1.1 ?
This corresponds to the UID attribute that Netscape Certificate Server
inserts on the DN of the certificates...
I also needed this to be reported correctly.
You can do one of these things:
1) Patch the openssl library to reco
cates in AIX?
Thanks a lot!!
Regards, Alfredo
Alfredo Raul Pena wrote:
> Hi all!
> I'm having problems with the session cache. When the server does a fresh
> start, everything works fine till the first expiration occurs. From then
> on, it looks like the session cache gets
Hi all!
I'm having problems with the session cache. When the server does a fresh
start, everything works fine till the first expiration occurs. From then
on, it looks like the session cache gets corrupted and even the sessions
that gets set in the cache are being removed and missed one second
late
Hi,
I been observing this behavior in mod_ssl from the version 2.3.6, but mod_ssl
2.2.2 don't do this. Is there anybody that is suffering this problem.
Thanks, Alfredo
Arend van der Veen wrote:
> Hi all,
>
> I have been continuing my testing. I have downloaded demo versions of both
> Raven-SSL
Yes, I have a production system with a GSID working fine for at least 3
months. I've placed the intermediate certificate in a file with all the
client certificates, so I'm using SSLCACertificateFile instead of
SSLCACertificatePath. But they should work both ways... perhaps you forgot
hashing the c
Paul Rubin wrote:
> Has your GSID been observed to work with MSIE 4 and 5, or just
> Netscape? Is there any chance you could send a URL that I can connect
> to?
There is only one public page, the rest needs a client certificate. You
can try to connect to
https://www.hb.bancorio.com.ar:448/
I ha
Hi,
I am very interested.
I have actually done something similar in spirit, but very different.
Using mod_perl and an AuthHandler, I translate a FakeBasicAuthentication
user (the certificate's SubjectDN) to an LDAP user with that SubjectDN
in an special attribute. I was looking for a way to acces
Axel Findling wrote:
> > By the way, is there such hack to Netscape too?
>
> 1. You can Import the CAs Publick Key to Netscape (Steffen wrote abaout
> this) and than copy the cert7.db file to another Netscape (4.x)-Profile.
>
> 2. You can use the Client Configuration Kit from Netscape to add a CA
Steffen Dettmer wrote:
> > certificate expires, IE 3 disallows access altogether. Anyway I can hack
> > the Registry or something like that so IE3/4/5 users can go to my site?
> > Like, adding my phony CA to IE's list of CAs?
> >
> > By the way, is there such hack to Netscape too?
>
> take a .hta
"Ralf S. Engelschall" wrote:
> > > I think the problem is that I'm not using mod_perl for CGI scripts (where you
> > > have the info via the environment) but from a AuthHandler... From there I
> > > tried accessing subprocess_env without success, none of the SSL_
> > > veriables are there.
>
I'm sorry about the insistence, but what do anyone thinks about this?
Regards, Alfredo
Alfredo Raul Pena wrote:
> "Ralf S. Engelschall" wrote:
>
> > Since mod_ssl 2.1 you can get _all_ ingredients of a certificate via
> > environment variables SSL_. What i
"Ralf S. Engelschall" wrote:
> Since mod_ssl 2.1 you can get _all_ ingredients of a certificate via
> environment variables SSL_. What ingredients are you missing?
I think the problem is that I'm not using mod_perl for CGI scripts (where you
have the info via the environment) but from a Auth
Hi,
I'am working on mod_perl AuthHandler to map between users client
certificates and user ids in behalf of CGI programs written with basic
authentication in mind.
I managed to get something working thanks to Clayton Donley's
AuthLDAP module and FakeBasicAuthentication, but need more info
Hi,
It could be better if we have a way to compare a certificate finger-print in
SSLRequire expressions... Is that possible?
Regards, Alf
Alfredo Raul Pena wrote:
> "Ralf S. Engelschall" wrote:
>
> > But when you use "SSLVerifyClient require" you cannot
"Ralf S. Engelschall" wrote:
> But when you use "SSLVerifyClient require" you cannot
> provide any HTML pages, because the whole authentication stuff is
done
> _before_ any HTTP is spoken.
> When you really want to display such a error page, you can do the
following:
Suppose I request client suthentication on a server basis and the user
don't have a valid certificate for my server. Is there a way to display
some sort of Forbidden message instead of closing the connection?
Regards, Alf
__
Apac
I'm having a similar problem. I hope I could explain it. Sorry for the long message.
I want to require client certificates only under /cgi-bin. So I place this in my
httpd.conf
SSLVerifyClient require
SSLVerifyDepth 1
With this in place, Netscape keeps asking me for my client certificate each
Cliff Woolley wrote:
> >>> "Ralf S. Engelschall" <[EMAIL PROTECTED]> 11/17/99 10:40AM >>>
> >Hmmm... today I've less time (because today is my birthday ;)
>
> Happy birthday! =-)
Happy birthday indeed!!! Thank a lot for your gift (mod_ssl of course) !!
_
19 matches
Mail list logo
