Article delegate-en/182 of [1-5169] on the server localhost:119
[Reference:<_A181@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: authentication not working for SSL client accessing Delegate SSL proxy?
18 Dec 1998 06:55:06 GMT ysato@etl.go.jp (Yutaka Sato 佐藤豊)


In message <_A181@delegate-en.ML_>
on 12/18/98(15:11:52)
you "Horia Georgescu" <pbyaabdyi-g7ilkrrpmhjr.ml@ml.delegate.org> wrote:
 |Hi, I'm trying to get this going on my own, but it doesn't work ...

Have you cleared the problem of "keyfile not found or wrong"?
I should have noticed that SSL_xxx_yyy_FILEs must be specified as
absolute paths when you run DeleGate in the background (without the -v
option) because DeleGate changes its working directory to $WORKDIR in that case.

 |Here is an excerpt from "A universal SSL proxy by DeleGate":
 |"... If you wish to see client's certificate in SSLway with "-ac" option,
 |specify "-client_auth" option"..

The current "-client_auth" option just asks the client to send
its certificate if it has one, then records the content of the certificate,
if it's sent, into LOGFILE.  I scarcely remember what I intended the
option to mean ultimately... but activating some stuff commented out in
filters/sslway.c seems to make sslway reject connections from
clients without a certificate.

*** ../dist/delegate5.8.3/filters/sslway.c	Fri Aug 21 19:27:45 1998
--- sslway.c	Fri Dec 18 15:46:35 1998
***************
*** 277,279 ****
  static int   cl_auth = 0;
! static int   cl_vrfy = SSL_VERIFY_PEER /* | SSL_VERIFY_FAIL_IF_NO_PEER_CERT*/;
  
--- 277,279 ----
  static int   cl_auth = 0;
! static int   cl_vrfy = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
  
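Review bot: the changed `cl_vrfy` initializer hard-codes SSL_VERIFY_FAIL_IF_NO_PEER_CERT into the static default, so as far as this hunk shows there is no way to keep the previous behaviour of requesting a certificate and only logging it. Existing "-client_auth" users would start dropping clients that have no certificate. Consider leaving the default as SSL_VERIFY_PEER and OR-ing the extra flag in only when a separate option is given, with a comment on `cl_vrfy` stating which option sets which bit. Note also that this flag only enforces that a certificate is presented; whether a presented certificate is accepted depends on the trusted CA configuration and any verify callback, neither of which is visible in these lines.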
Maybe doing verification based on the client certificate should be
specified in another option rather than "-client_auth", for example
an option like "-client_verify".
But anyway I think I should follow the convention of command line
arguments or environment variables of SSLeay, with which I'm not so
familiar now... 

Cheers,
Yutaka
--
Yutaka Sato <ysato@etl.go.jp> http://www.etl.go.jp/~ysato/   @ @ 
Computer Science Division, Electrotechnical Laboratory      ( - )
1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan            _<   >_
