Michael Ströder <michael@stroeder.com> wrote:
Yes. However in theory the web app could run within a custom HTTP server and intercept the SSL/TLS handshake.
In fact I thought a bit more about it and I do not think it can work: if the HTTP server intercepts the SSL handshake and proxies it to slapd, then the SSL connection will be between the web browser and slapd. The HTTP server will not be able to handle the request.
In fact we would need a double SSL handshake: one with the HTTP server and another one with slapd, proxied by the HTTP server. I am not even sure it is possible.