[Mono-bugs] [Bug 78740][Nor] Changed - Https Client Certificate doesn't work with mod_mono apache

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Tue Jul 4 12:17:00 EDT 2006


Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by informatique.internet at fiducial.fr.

http://bugzilla.ximian.com/show_bug.cgi?id=78740

--- shadow/78740	2006-07-04 11:02:46.000000000 -0400
+++ shadow/78740.tmp.26729	2006-07-04 12:17:00.000000000 -0400
@@ -292,6 +292,34 @@
 On one side, reporting Apache result for the client certificate is
 good. However if the certificate is used inside the application (using
 the FX) things may fail because it could be judged invalid. While
 there's no perfect solution (for two implementations to coexist
 simultaneously) I wonder how Apache/Java (e.g. Tomcat) handle such
 situation...
+
+------- Additional Comments From informatique.internet at fiducial.fr  2006-07-04 12:16 -------
+>>* In order to get HttpClientCertificate to work (completely) you still
+need to feed a few more variables (see XSPApplicationHost);
+
+From XSPApplicationHost :
+
+mwr.AddServerVariable ("CERT_KEYSIZE", ssl.KeySize.ToString
+(CultureInfo.InvariantCulture));
+mwr.AddServerVariable ("CERT_SECRETKEYSIZE",
+ssl.SecretKeySize.ToString (CultureInfo.InvariantCulture));
+//
+//
+mwr.AddServerVariable ("CERT_SERVER_ISSUER", server.GetIssuerName ());
+mwr.AddServerVariable ("CERT_SERVER_SUBJECT", server.GetName ()); 
+
+But this doesn't concern HttpClientCertificate (only the server
+certificate)
+If you want i fill these field i must parse the SSL_SERVER_CERT
+environment variable too! (it's easy...)
+
+>>* I'm not sure the validity check is complete enough (but I'm still
+debating it in my head ;-)
+
+if you want to "recheck" the validity of the Certificate inside the
+application, you just have to import the CA certificate with certmgr...
+
+


More information about the mono-bugs mailing list