Thank you very much for your opinion

>I doubt you can do that. It would seem a bit strange that any server could
>steal the client's certificates at will.

I agree with you, it seems strange that a server can steal a ssl connection.

>Aaaah! Well of course. Your program that runs the curl stuff doesn't have/use
>the correct/required certificate in order to be allowed to operatate against
>the server.

I will try a new idea.
Perhaps, I can generate a special certificate on my server that can be send by
the program (logcertif.php) that runs the curl stuff to the apache server.
I configure apache to accept this special certificate and I hope "logcertif.php"
will success to connect to the server.

Once again, thank you for your help.
Best regards
Xavier Jeannin

Daniel Stenberg wrote:

> On Sun, 13 Oct 2002, Xavier Jeannin wrote:
>
> > My purpose :
>
> > I want a user (browser) can directly connect in a Web application on a
> > server that I contol using only their certificat.
>
> I follow. You want the user to connect to a web app using a certificate.
>
> > Every Web application (like TUTOS) possess a table of account for the
> > people that access to this application.
>
> That makes sense.
>
> > So a person has to supply a Login and a password for every Web application
> > that she can use.
>
> Right.
>
> > As I can verify the certificat of person directly on my Web server and so I
> > can authenticate this person. In fact, I try to suppress the login task
> > into the Web application for the user.
>
> You mean into *other* web applications?
>
> > I have done a program "logcertif.php" (PHP but It can be in other langage
> > if it needs) that simulate the login into the Web application TUTOS.
>
> > This program is in the same directory of the Web application TUTOS on the
> > same Web server, so TUTOS and "logcertif.php" are submitted to the same
> > verification from the web server.
>
> Ok, so your PHP program and the TUTOS web app are on the same server. I don't
> see how that makes a difference though.
>
> > my program :
>
> [ PHP program operating on a HTTPS page cut out ]
>
> > If my apache configuration is :
>
> [snip]
>
> > it works fine (it was what I called only SSL)
> >
> > If my apache configuration is :
>
> [snip]
>
> > my program 'logcertif.php' does not work, all others programs work fine in
> > this case
>
> So, this Apache config sets up a more restrictive access to your web app. And
> then your web app using curl stops to work?
>
> Again, I really can't see how this can be curl's fault.
>
> > When you connect to "logcertif.php", apache verify the certificat and run
> > logcertificate.php but the connection to
> > "https://www.myserver.com/tutos/php/mytutos.php" failed.
>
> > SSL said that the expression " m/xavier.jeannin_at_urec.cnrs.fr/i" is not
> > matched.
>
> Aaaah! Well of course. Your program that runs the curl stuff doesn't have/use
> the correct/required certificate in order to be allowed to operatate against
> the server.
>
> > Can get the information used for the first conection about the certificat
> > and send in my program logcertif.php for the second connection ?
>
> I doubt you can do that. It would seem a bit strange that any server could
> steal the client's certificates at will.
>
> > In other word, is it possible the certificate follow in the second
> > connection ? Do you know if it is possible to do such connection ?
>
> I'm not an SSL guru, but I think you need to find a different way to solve
> this problem.
>
> --
> Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf

--
________________________________________________________________________________________
Xavier Jeannin   UREC/CNRS
Université P. & M. Curie - Tour 65/66 - 4ième étage
Courrier : case 171
4, place Jussieu - 75252 PARIS CEDEX 05
Tél : 01 44 27 42 59 - Fax : 01 44 27 42 61
Xavier.Jeannin_at_urec.cnrs.fr
_________________________________________________________________________________________
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf