not everyone needs client certificates, so of course the default config needs tuning. AFAIK (@michele can chime in any time, he's the original author) what is needed are a few environmental variables passed along, such as
SSL_CLIENT_CERT SSL_CLIENT_RAW_CERT SSL_CLIENT_VERIFY SSL_CLIENT_SERIAL etc etc etc Apache docs mention that those should be enabled setting the directive SSLOptions +stdEnvVars On Tuesday, March 10, 2015 at 9:57:01 PM UTC+1, LoveWeb2py wrote: > > The main problem is that when I set auth.settings.login_form = X509Auth() > as specified in the book I get the error: Login not allowed. No valid x509 > credentials. > > My httpd.conf is exactly out of the book as specified for mod_wsgi > > http://web2py.com/books/default/chapter/29/13/deployment-recipes#mod_wsgi > > I want to pass the certificate credentials to the x509_auth class that > web2py has, but its raising an exception because its not finding any > certificate present. My browser has certificates in them as I checked them > on other sites and they work fine. So its something between the browser, > mod_wsgi, wsgi_handler.py or my httpd.conf > > > On Tuesday, March 10, 2015 at 3:57:12 PM UTC-4, LoveWeb2py wrote: >> >> *httpd* - Apache Hypertext Transfer Protocol Server >> >> my httpd.conf has the certificates and is serving https out properly, I >> just can't seem to read the user certificates when they visit the site. >> >> On Tuesday, March 10, 2015 at 3:36:53 PM UTC-4, Richard wrote: >>> >>> "This works out of the box with Rocket (the web2py built-in web server) >>> but you may need some extra configuration work on the web server side if >>> you are using a different web server. In particular you need to tell your >>> web server where the certificates are located on local host and that it >>> needs to verify certificates coming from the clients. How to do it is web >>> server dependent and therefore omitted here." >>> >>> Which server do you use? >>> >>> Richard >>> >>> >>> >>> On Tue, Mar 10, 2015 at 3:35 PM, Richard Vézina <[email protected]> >>> wrote: >>> >>>> Is M2Crypto there?? >>>> >>>> Basic, but you know... >>>> >>>> On Tue, Mar 10, 2015 at 3:18 PM, LoveWeb2py <[email protected]> wrote: >>>> >>>>> Just the basic stuff like first name and last name. But when I try to >>>>> login using the x509 tutorial in the book I am getting Login not allowed. >>>>> No valid x509 credentials. This tells me that my certificate isn't being >>>>> read properly by web2py or I'm not passing the variables through uwsgi >>>>> properly? Do I need to put something in the wsgi-handler, change my >>>>> httpd.conf, or something else? >>>>> >>>>> On Tuesday, March 10, 2015 at 2:53:58 PM UTC-4, LoveWeb2py wrote: >>>>>> >>>>>> Hello, >>>>>> >>>>>> I'm wondering how to get the users details when they visit my site >>>>>> over SSL. I'm guessing I'll have to parse out the information through >>>>>> the >>>>>> WSGI handler? If anyone has insight or could provide direction I'd >>>>>> really >>>>>> appreciate it. >>>>>> >>>>> -- >>>>> Resources: >>>>> - http://web2py.com >>>>> - http://web2py.com/book (Documentation) >>>>> - http://github.com/web2py/web2py (Source code) >>>>> - https://code.google.com/p/web2py/issues/list (Report Issues) >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "web2py-users" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> >>> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
