[Mono-dev] mod_mono and client certificates - no worky?

Sebastien Pouliot sebastien.pouliot at gmail.com
Mon Mar 10 16:51:19 EDT 2008


Hello Jay,

It's been quite a while since I last looked at this but I think client
certificates are not supported by mod_mono (but only XSP). At least I
don't recall testing them...

However it should not be too complex to copy-paste the apache->mod_mono
server certificate code to work for the client certs.

Sebastien

On Mon, 2008-03-10 at 12:08 -0700, Jay Miller wrote:
> Hello.  I'm sure I'm just missing something silly, but I can't seem to
> get any client certificate information from Apache.  My server is set
> to require client certificates using "SSLVerifyClient require".  I
> have self-signed CA and client/server certificates set up.
> 
> For testing, I'm using the ASP.NET example found here:
> 
>   http://www.mono-project.com/UsingClientCertificatesWithXSP
> 
> When I attempt to take a vanilla host to my test page, Apache denies
> me.  When I add my client certificate to Firefox and attempt the test
> page again, Apache lets me through.  My client certificate is shown in
> the Apache debug output:
> 
>   ssl_engine_kernel.c(1190): Certificate Verification: depth: 0,
> subject: /CN=test, issuer:  ...
>   ...
>   ssl_engine_kernel.c(1770): OpenSSL: Write: SSL negotiation finished
> successfully
> 
> However, the test page does not appear to have the client certificate
> because I see, "Hello from an secure session. But who are you ?"
> 
> I've tried adding a bit more code to the test page and found that
> Request.ServerVariables does not contain the flags necessary to
> indicate a client certificate is present:
> 
>   Key: CERT_FLAGS
>   Value 0: 0
> 
> It seems as though mod_mono isn't receiving (or passing on) all of the
> connection info, or something.  Does anyone have any ideas on some
> things I might have missed in my setup?  I'd be grateful for any help!
> 
> Thank you in advance!
> 



More information about the Mono-devel-list mailing list