[Mono-dev] mod_mono and client certificates - no worky?
Jay Miller
jnmiller at cryptofreak.org
Mon Mar 10 15:08:56 EDT 2008
Hello. I'm sure I'm just missing something silly, but I can't seem to
get any client certificate information from Apache. My server is set
to require client certificates using "SSLVerifyClient require". I
have self-signed CA and client/server certificates set up.
For testing, I'm using the ASP.NET example found here:
http://www.mono-project.com/UsingClientCertificatesWithXSP
When I attempt to take a vanilla host to my test page, Apache denies
me. When I add my client certificate to Firefox and attempt the test
page again, Apache lets me through. My client certificate is shown in
the Apache debug output:
ssl_engine_kernel.c(1190): Certificate Verification: depth: 0,
subject: /CN=test, issuer: ...
...
ssl_engine_kernel.c(1770): OpenSSL: Write: SSL negotiation finished
successfully
However, the test page does not appear to have the client certificate
because I see, "Hello from an secure session. But who are you ?"
I've tried adding a bit more code to the test page and found that
Request.ServerVariables does not contain the flags necessary to
indicate a client certificate is present:
Key: CERT_FLAGS
Value 0: 0
It seems as though mod_mono isn't receiving (or passing on) all of the
connection info, or something. Does anyone have any ideas on some
things I might have missed in my setup? I'd be grateful for any help!
Thank you in advance!
--
Jay Miller
PGP Fingerprint | 5f7adbbe bfc60727 96dca94c 616d5080 09e3e846
More information about the Mono-devel-list
mailing list