Hello all.
I'm wondering if I can implement smart card authentication in GAE.

I'm aware that I will have to use a *.appspot domain in order to use
SSL. I don't like this idea because GAE uses a generic certificate for
all apps in appspot and this could cause impersonation of my
website to a user that mistypes the URL (like google or gooogle)...
but I will have to live with that.

My question is about certificate validation. After I receive the
certificate from the client I need to validate it in a Certificate
Authority. Is it possible to do this in GAE?

I'm asking because the URL fetch API says: "The proxy the URL Fetch
service uses cannot authenticate the host it is contacting. Because
there is no certificate trust chain, the proxy accepts all
certificates, including self-signed certificates. The proxy server
cannot detect "man in the middle" attacks between App Engine and the
remote host when using HTTPS."

So, will I be able to validate the entity of the CA I'm contacting and
thus the client certificate?

Or will GAE simply accept the certificate, but I can't validate it?

Any opinion will be appreciated!
Tks!
