[Mono-bugs] [Bug 78740][Nor] Changed - Https Client Certificate doesn't work with mod_mono apache
bugzilla-daemon at bugzilla.ximian.com
bugzilla-daemon at bugzilla.ximian.com
Tue Jul 4 12:17:00 EDT 2006
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by informatique.internet at fiducial.fr.
http://bugzilla.ximian.com/show_bug.cgi?id=78740
--- shadow/78740 2006-07-04 11:02:46.000000000 -0400
+++ shadow/78740.tmp.26729 2006-07-04 12:17:00.000000000 -0400
@@ -292,6 +292,34 @@
On one side, reporting Apache result for the client certificate is
good. However if the certificate is used inside the application (using
the FX) things may fail because it could be judged invalid. While
there's no perfect solution (for two implementations to coexist
simultaneously) I wonder how Apache/Java (e.g. Tomcat) handle such
situation...
+
+------- Additional Comments From informatique.internet at fiducial.fr 2006-07-04 12:16 -------
+>>* In order to get HttpClientCertificate to work (completely) you still
+need to feed a few more variables (see XSPApplicationHost);
+
+From XSPApplicationHost :
+
+mwr.AddServerVariable ("CERT_KEYSIZE", ssl.KeySize.ToString
+(CultureInfo.InvariantCulture));
+mwr.AddServerVariable ("CERT_SECRETKEYSIZE",
+ssl.SecretKeySize.ToString (CultureInfo.InvariantCulture));
+//
+//
+mwr.AddServerVariable ("CERT_SERVER_ISSUER", server.GetIssuerName ());
+mwr.AddServerVariable ("CERT_SERVER_SUBJECT", server.GetName ());
+
+But this doesn't concern HttpClientCertificate (only the server
+certificate)
+If you want i fill these field i must parse the SSL_SERVER_CERT
+environment variable too! (it's easy...)
+
+>>* I'm not sure the validity check is complete enough (but I'm still
+debating it in my head ;-)
+
+if you want to "recheck" the validity of the Certificate inside the
+application, you just have to import the CA certificate with certmgr...
+
+
More information about the mono-bugs
mailing list