
Re: web apps and client certificate authentication



Michael Ströder <michael@stroeder.com> wrote:

> Yes. However in theory the web app could run within a custom HTTP server
> and intercept the SSL/TLS handshake.

In fact I thought a bit more about it and I do not think it can work: if
the HTTP server intercepts the SSL handshake and proxies it to slapd, then
the SSL connection will be between the web browser and slapd. The HTTP
server will not be able to handle the request.

In fact we would need a double SSL handshake: one with the HTTP server
and another one with slapd, proxied by the HTTP server. I am not even
sure it is possible.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org