Ben Laurie wrote:
>
> Ralf S. Engelschall wrote:
> >
> > On Wed, Dec 09, 1998, Ben Laurie wrote:
> >
> > > > Does anyone know an existing webserver on the net where SSL client
> > > > authentication is requested on a per-URL basis? And does anyone know the URL
> > > > of such a server, so I can establish a test-connection to it?
> > > >
> > > > To better understand my question, here is the background:
> > > >
> > > > I've currently added support for per-directory/URL based SSL re-negotiation to
> > > > mod_ssl (Apache), i.e. the user can configure a different cipher suite or
> > > > change the client authentication type on a per-directory basis while mod_ssl
> > > > implements this by forcing a re-negotiation of the SSL/TLS connection
> > > > parameters _after_ the client has sent the HTTP request, but _before_ Apache
> > > > sends the response.
> > >
> > > The current test version of Apache-SSL does this, but a) I guess it
> > > won't help you much and b) I'm not sure if we're running it on the
> > > server yet :-)
> >
> > Oh, that's interesting, Ben. Although an Apache-SSL server doesn't help me for
> > testing here (because it uses SSLeay as the SSL engine, too), I didn't know
> > that you work in this area for Apache-SSL, too. Because I've never read any
> > information about your recent development plans. Nevertheless the Apache-SSL
> > users will appreciate it, so it's fine that you work on this, too.
>
> It was the obvious next step after exporting client certs and cert
> chains. The only reason I hadn't said anything yet is that I was
> planning to announce it when it went up for testing, but we've been busy
> with other things for the last week or two...
>
OK, I've put the new version (1.30) up on:
https://www.apache-ssl.org
for test purposes... This does per-URL client-auth in:
https://www.apache-ssl.org/cgi/cert-export
please note that this version of apache-ssl is not yet released, and I
expect Ben will want some feedback regarding problems with particular
browsers etc. before he does so... I have only tested it with nutscrape
4.07 and the current(ish) M$IE (on a machine *somewhere else* so I can't
check the version, sorry).
cheers,
Adam
--
Adam Laurie Tel: +44 (181) 742 0755
A.L. Digital Ltd. Fax: +44 (181) 742 5995
Voysey House
Barley Mow Passage http://www.aldigital.co.uk
London W4 4GB mailto:[EMAIL PROTECTED]
UNITED KINGDOM PGP key on keyservers
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
