[Mono-bugs] [Bug 78740][Nor] Changed - Https Client Certificate doesn't work with mod_mono apache

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Mon Jul 3 11:48:20 EDT 2006


Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by sebastien at ximian.com.

http://bugzilla.ximian.com/show_bug.cgi?id=78740

--- shadow/78740	2006-07-03 07:09:00.000000000 -0400
+++ shadow/78740.tmp.4056	2006-07-03 11:48:20.000000000 -0400
@@ -1,16 +1,16 @@
 Bug#: 78740
-Product: Mono: Class Libraries
+Product: Mono: Tools
 Version: 1.1
 OS: GNU/Linux [Other]
 OS Details: 
 Status: NEW   
 Resolution: 
 Severity: Unknown
-Priority: Major
-Component: Sys.Web
+Priority: Normal
+Component: mod_mono
 AssignedTo: gonzalo at ximian.com                            
 ReportedBy: informatique.internet at fiducial.fr               
 QAContact: mono-bugs at ximian.com
 TargetMilestone: ---
 URL: 
 Cc: 
@@ -245,6 +245,26 @@
 all certificate are "valid"). I don't know exactly how to proceed...
 
 ------- Additional Comments From informatique.internet at fiducial.fr  2006-07-03 07:09 -------
 Created an attachment (id=17237)
 Oops this patch is more clean!!
 
+
+------- Additional Comments From sebastien at ximian.com  2006-07-03 11:48 -------
+Hubert,
+
+As you have seen much of the code is already present for this (as it
+is shared with XSP). Setting the certificate from the server, using
+SetClientCertificate, should enable most of the features but there are
+a few more variables that should be set as well (just like the code
+from XSPApplicationHost).
+
+The certificate validity is also checked by one of those variables,
+CERT_FLAGS. Now there's two way of dealing with it.
+a) check the Apache variable that indicates if the certificate is
+valid (i.e. from OpenSSL point of view);
+b) run the Mono.Security X509Chain code on it (see the SSL/TLS
+implementation code);
+
+(a) is easier but may get you (or other people) into some trouble
+depending on how you'll be using the certificate inside Mono. (b) is
+just a little more copy-n-paste code;


More information about the mono-bugs mailing list