curl-library

https SSLRequire feature

From: Xavier Jeannin <Xavier.Jeannin_at_urec.cnrs.fr>
Date: Sat, 12 Oct 2002 17:09:06 +0200

Hello,

I am trying to connect to a Web application (such as TUTOS, written
in PHP) authenticated directly by my certificate.
So I wrote a PHP program, "logcertif.php", using cURL, that performs
the login on TUTOS based on the information about the user certificate
that I can collect from the Apache environment variables.
cURL works fine if I use only SSL.
If I add an "SSLRequire" directive to the Apache configuration to
select who can use TUTOS, it does not work.
SSL complains; I suppose this is because the SSL session number is not
the same between the browser and my program "logcertif.php" as between
my program "logcertif.php" on my server and TUTOS on my server.

<Directory "/xxx/xxx/TUTOS">
        SSLVerifyClient require
        SSLVerifyDepth 5
        SSLRequireSSL
        SSLRequire %{SSL_CLIENT_S_DN_O} eq "XXX" \
                and %{SSL_CLIENT_S_DN_OU} eq "XXX" \
                and %{SSL_CLIENT_S_DN_Email} =~ m/xavier.jeannin_at_urec.cnrs.fr/i
        AuthAuthoritative on
        Options -Indexes
        AllowOverride None
        Order allow,deny
</Directory>

I have read in the list archive that this feature is not implemented in
cURL. I have seen that this feature has been included in the ToDo list.
--->
"Add an interface to libcurl that enables "session IDs" to get
exported/imported. Cris Bailiff said: "OpenSSL has functions which can
serialise the current SSL state to a buffer of your choice, and
recover/reset the state from such a buffer at a later date - this is
used by mod_ssl for apache to implement an SSL session ID cache". This
whole idea might become moot if we enable the 'data sharing' as
mentioned in the LIBCURL label above."

I am not sure I have understood it well.

Could you confirm that it is not possible for the moment to do what I
want with cURL? If that is the case, do you know if this feature will be
implemented?
Do you know any other way to do it?

Thank you for your answer.
Best regards.
Xavier Jeannin

PS: Sorry if my question is not on the right list.

--
________________________________________________________________________________________
Xavier Jeannin   UREC/CNRS
Université P. & M. Curie - Tour 65/66 - 4ième étage
Courrier : case 171
4, place Jussieu - 75252 PARIS CEDEX 05
Tél : 01 44 27 42 59 - Fax : 01 44 27 42 61
Xavier.Jeannin_at_urec.cnrs.fr
_________________________________________________________________________________________
Received on 2002-10-12