Hi,
Using the info on the wiki, I created a simple web server with a
server certificate.
To get this code working you need to create the necessary certificate.
For this I used xca from https://hohnstaedt.de but you can use OpenSSL
to do the same.
[code=pascal]
program webserver;

{$mode objfpc}{$H+}

uses
  {$ifdef UNIX}
  cthreads, cmem,
  {$endif}
  fphttpapp,
  httpdefs,
  httproute,
  opensslsockets; // registers the OpenSSL-based SSL socket handler

var
  fUseSSL: boolean;

const
  // Demo values; the file names are relative to the working directory.
  fCertificatePassword: string = 'hello';
  fCertificateHostName: string = 'localhost';
  fCertificateFileName: string = 'Server.crt';
  fCertificatePrivateKey: string = 'Server.key';

// Handler for '/'
procedure route1(aReq: TRequest; aResp: TResponse);
begin
  aResp.Content := '<html><body><h1>Route 1 The Default</h1></body></html>';
end;

// Handler for '/2'
procedure route2(aReq: TRequest; aResp: TResponse);
begin
  aResp.Content := '<html><body><h1>Route 2</h1></body></html>';
end;

begin
  HTTPRouter.RegisterRoute('/', @route1);
  HTTPRouter.RegisterRoute('/2', @route2);
  Application.Port := 1999;
  fUseSSL := true;
  Application.UseSSL := fUseSSL;
  if fUseSSL then
  begin
    // Server certificate and its passphrase-protected private key
    Application.CertificateData.KeyPassword := fCertificatePassword;
    Application.CertificateData.HostName := fCertificateHostName;
    Application.CertificateData.Certificate.FileName := fCertificateFileName;
    Application.CertificateData.PrivateKey.FileName := fCertificatePrivateKey;
  end;
  Application.Threaded := True;
  Application.Initialize;
  Application.Run;
end.
[/code]
My questions are:
- How can I modify this example to enforce the use of a client certificate?
- How can I verify a client certificate in the server?
In the TLS handshake a client certificate is optional but the server can
ensure that it is mandatory.
Any help, pointers, sample code is appreciated.
Sincerely,
Jos
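
The certificate step mentioned in the post, done with OpenSSL, as an added example that is not part of the original message. `Server.crt`, `Server.key`, the `localhost` host name and the `hello` passphrase match the constants in the program; the private CA and the `Client.*` and `CA.*` names are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed demo PKI: one private CA signing a server and a client certificate.
set -e

make_demo_pki() {
    dir=$1
    mkdir -p "$dir"
    (
        cd "$dir"
        # 1. Private CA (assumed name "Demo CA"); it signs both leaf certificates.
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Demo CA" -keyout CA.key -out CA.crt 2>/dev/null

        # 2. Server key, encrypted with the passphrase the program passes as
        #    KeyPassword, and a certificate for the HostName value.
        openssl req -newkey rsa:2048 -passout pass:hello \
            -subj "/CN=localhost" -keyout Server.key -out Server.csr 2>/dev/null
        printf 'subjectAltName=DNS:localhost\nextendedKeyUsage=serverAuth\n' > server.ext
        openssl x509 -req -in Server.csr -CA CA.crt -CAkey CA.key -CAcreateserial \
            -days 30 -extfile server.ext -out Server.crt 2>/dev/null

        # 3. Client certificate, restricted to TLS client authentication.
        openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
            -keyout Client.key -out Client.csr 2>/dev/null
        printf 'extendedKeyUsage=clientAuth\n' > client.ext
        openssl x509 -req -in Client.csr -CA CA.crt -CAkey CA.key -CAcreateserial \
            -days 30 -extfile client.ext -out Client.crt 2>/dev/null
    )
}

# chains_to_ca CAFILE PURPOSE CERT
# Returns 0 only if CERT chains to CAFILE and is valid for PURPOSE
# (sslserver or sslclient).
chains_to_ca() {
    openssl verify -CAfile "$1" -purpose "$2" "$3" >/dev/null 2>&1
}
```

Because the server certificate carries only the `serverAuth` usage, `chains_to_ca CA.crt sslclient Server.crt` fails while the same check on `Client.crt` succeeds.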