[Mono-dev] mod_mono and client certificates - no worky?
Sebastien Pouliot
sebastien.pouliot at gmail.com
Mon Mar 10 16:51:19 EDT 2008
Hello Jay,
It's been quite a while since I last looked at this but I think client
certificates are not supported by mod_mono (but only XSP). At least I
don't recall testing them...
However it should not be too complex to copy-paste the apache->mod_mono
server certificate code to work for the client certs.
Sebastien
On Mon, 2008-03-10 at 12:08 -0700, Jay Miller wrote:
> Hello. I'm sure I'm just missing something silly, but I can't seem to
> get any client certificate information from Apache. My server is set
> to require client certificates using "SSLVerifyClient require". I
> have self-signed CA and client/server certificates set up.
>
> For testing, I'm using the ASP.NET example found here:
>
> http://www.mono-project.com/UsingClientCertificatesWithXSP
>
> When I attempt to take a vanilla host to my test page, Apache denies
> me. When I add my client certificate to Firefox and attempt the test
> page again, Apache lets me through. My client certificate is shown in
> the Apache debug output:
>
> ssl_engine_kernel.c(1190): Certificate Verification: depth: 0,
> subject: /CN=test, issuer: ...
> ...
> ssl_engine_kernel.c(1770): OpenSSL: Write: SSL negotiation finished
> successfully
>
> However, the test page does not appear to have the client certificate
> because I see, "Hello from an secure session. But who are you ?"
>
> I've tried adding a bit more code to the test page and found that
> Request.ServerVariables does not contain the flags necessary to
> indicate a client certificate is present:
>
> Key: CERT_FLAGS
> Value 0: 0
>
> It seems as though mod_mono isn't receiving (or passing on) all of the
> connection info, or something. Does anyone have any ideas on some
> things I might have missed in my setup? I'd be grateful for any help!
>
> Thank you in advance!
>
More information about the Mono-devel-list
mailing list