[Mono-bugs] [Bug 78740][Nor] Changed - Https Client Certificate doesn't work with mod_mono apache
bugzilla-daemon at bugzilla.ximian.com
bugzilla-daemon at bugzilla.ximian.com
Mon Jul 3 11:48:20 EDT 2006
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by sebastien at ximian.com.
http://bugzilla.ximian.com/show_bug.cgi?id=78740
--- shadow/78740 2006-07-03 07:09:00.000000000 -0400
+++ shadow/78740.tmp.4056 2006-07-03 11:48:20.000000000 -0400
@@ -1,16 +1,16 @@
Bug#: 78740
-Product: Mono: Class Libraries
+Product: Mono: Tools
Version: 1.1
OS: GNU/Linux [Other]
OS Details:
Status: NEW
Resolution:
Severity: Unknown
-Priority: Major
-Component: Sys.Web
+Priority: Normal
+Component: mod_mono
AssignedTo: gonzalo at ximian.com
ReportedBy: informatique.internet at fiducial.fr
QAContact: mono-bugs at ximian.com
TargetMilestone: ---
URL:
Cc:
@@ -245,6 +245,26 @@
all certificate are "valid"). I don't know exactly how to proceed...
------- Additional Comments From informatique.internet at fiducial.fr 2006-07-03 07:09 -------
Created an attachment (id=17237)
Oops this patch is more clean!!
+
+------- Additional Comments From sebastien at ximian.com 2006-07-03 11:48 -------
+Hubert,
+
+As you have seen much of the code is already present for this (as it
+is shared with XSP). Setting the certificate from the server, using
+SetClientCertificate, should enable most of the features but there are
+a few more variables that should be set as well (just like the code
+from XSPApplicationHost).
+
+The certificate validity is also checked by one of those variables,
+CERT_FLAGS. Now there's two way of dealing with it.
+a) check the Apache variable that indicates if the certificate is
+valid (i.e. from OpenSSL point of view);
+b) run the Mono.Security X509Chain code on it (see the SSL/TLS
+implementation code);
+
+(a) is easier but may get you (or other people) into some trouble
+depending on how you'll be using the certificate inside Mono. (b) is
+just a little more copy-n-paste code;
More information about the mono-bugs
mailing list