[Mono-bugs] [Bug 78740][Nor] Changed - Https Client Certificate doesn't work with mod_mono apache

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Mon Jul 3 11:48:20 EDT 2006

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by sebastien at ximian.com.


--- shadow/78740	2006-07-03 07:09:00.000000000 -0400
+++ shadow/78740.tmp.4056	2006-07-03 11:48:20.000000000 -0400
@@ -1,16 +1,16 @@
 Bug#: 78740
-Product: Mono: Class Libraries
+Product: Mono: Tools
 Version: 1.1
 OS: GNU/Linux [Other]
 OS Details: 
 Status: NEW   
 Severity: Unknown
-Priority: Major
-Component: Sys.Web
+Priority: Normal
+Component: mod_mono
 AssignedTo: gonzalo at ximian.com                            
 ReportedBy: informatique.internet at fiducial.fr               
 QAContact: mono-bugs at ximian.com
 TargetMilestone: ---
@@ -245,6 +245,26 @@
 all certificate are "valid"). I don't know exactly how to proceed...
 ------- Additional Comments From informatique.internet at fiducial.fr  2006-07-03 07:09 -------
 Created an attachment (id=17237)
 Oops this patch is more clean!!
+------- Additional Comments From sebastien at ximian.com  2006-07-03 11:48 -------
+As you have seen much of the code is already present for this (as it
+is shared with XSP). Setting the certificate from the server, using
+SetClientCertificate, should enable most of the features but there are
+a few more variables that should be set as well (just like the code
+from XSPApplicationHost).
+The certificate validity is also checked by one of those variables,
+CERT_FLAGS. Now there's two way of dealing with it.
+a) check the Apache variable that indicates if the certificate is
+valid (i.e. from OpenSSL point of view);
+b) run the Mono.Security X509Chain code on it (see the SSL/TLS
+implementation code);
+(a) is easier but may get you (or other people) into some trouble
+depending on how you'll be using the certificate inside Mono. (b) is
+just a little more copy-n-paste code;

More information about the mono-bugs mailing list