[ https://issues.apache.org/jira/browse/TS-1584?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13790022#comment-13790022 ]
James Peach edited comment on TS-1584 at 10/9/13 4:53 AM: ---------------------------------------------------------- I think we can aim for 4.x. was (Author: jamespeach): I think we can > Exposing client SSL certificate verification result in plugin API > ------------------------------------------------------------------ > > Key: TS-1584 > URL: https://issues.apache.org/jira/browse/TS-1584 > Project: Traffic Server > Issue Type: Improvement > Components: SSL, TS API > Affects Versions: 3.3.4 > Reporter: Thach Tran > Assignee: James Peach > Priority: Minor > Labels: patch > Fix For: 5.0.0 > > Attachments: > 0001-Exposing-client-ssl-certificate-verification-result-.patch, > 0001-TS-1584-Retaining-some-info-from-client-certificate-.patch > > > I'm writing an authentication plugin for traffic server and would like to > implement the following logic: > * If the client supplies valid certificate over ssl, allow the transaction > to proceed with no further authentication. > * Otherwise challenge the client with username/password authentication. > Currently if I turn on client certificate checking in TS > (proxy.config.ssl.client.certification_level > 0), the result of the client > certificate verification happens at the SSLNetVConnection level and plugin > hooks have no knowledge of this. This makes implementing the aforementioned > logic not possible. -- This message was sent by Atlassian JIRA (v6.1#6144)