[racket] openssl - authenticating clients via certificates

From: Neil Van Dyke (neil at neilvandyke.org)
Date: Wed Jan 5 16:12:45 EST 2011

Curtis Dutton wrote at 01/05/2011 07:37 AM:
> I am interested in implementing authentication via client browser 
> certificates with a racket webserver.

One way I have seen HTTPS SSL client certificate authentication done for 
Racket (actually, PLT Scheme, a while ago) on the server side is to 
simply use Apache as a front-end Web Server, and have an Apache module 
do the authentication before the connection gets to Racket.  Then your 
Racket code can get from Apache a string of a DN or some other 
identifying info from the valid certificate, which you can use for 
authorization or possibly additional authentication.  I think that will 
do everything you want, including letting you lock out users (based on 
DN, without having to mess with cert revocation lists).

There might also be other reasons to use a front-end HTTPS server in 
front of your Racket Web Server, so perhaps you're already doing this.  
If for some reason you wanted connections direct to your Racket Web 
Server, not through a front-end like Apache, I don't know whether 
Racket's SSL support currently supports client cert authn on the server 
side.

-- 
http://www.neilvandyke.org/


Posted on the users mailing list.
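
The arrangement described in the message above, as an added example (not code from the original post or from the Racket distribution): a Racket servlet behind an Apache front-end that reads the client certificate DN from a request header and applies an allow list and a lockout list. The header name `X-SSL-Client-DN`, the Apache directives shown in the comments, the port and the sample DNs are all assumptions.

```racket
#lang racket/base
;; Assumed Apache front-end (mod_ssl, mod_headers, mod_proxy), not from the post:
;;   SSLVerifyClient require
;;   SSLCACertificateFile /path/to/client-ca.pem     (placeholder path)
;;   RequestHeader set X-SSL-Client-DN "%{SSL_CLIENT_S_DN}s"
;;   ProxyPass / http://127.0.0.1:8000/
;; "RequestHeader set" replaces any copy of the header sent by the browser, and
;; the servlet listens on loopback only, so the header can only come from Apache.
(require racket/set web-server/servlet web-server/servlet-env)

(define dn-header #"X-SSL-Client-DN") ; assumed header name, must match Apache

;; Constructed sample DNs. Matching is an exact string comparison, so entries
;; must use the same DN string format the front-end emits.
(define allowed-dns
  (set "CN=alice,OU=Ops,O=Example Corp,C=US"
       "CN=bob,OU=Ops,O=Example Corp,C=US"))
(define locked-out-dns
  (set "CN=bob,OU=Ops,O=Example Corp,C=US")) ; valid cert, access withdrawn

;; Returns the DN as a string, or #f when the header is absent.
(define (client-dn req)
  (define h (headers-assq* dn-header (request-headers/raw req)))
  (and h (bytes->string/utf-8 (header-value h) #\?)))

;; Lockout is checked first so it wins over the allow list; anything
;; missing or unknown is denied by default.
(define (authorize dn)
  (cond [(not dn) 'missing]
        [(set-member? locked-out-dns dn) 'locked-out]
        [(set-member? allowed-dns dn) 'ok]
        [else 'unknown]))

(define (start req)
  (define dn (client-dn req))
  (case (authorize dn)
    [(ok) (response/xexpr `(html (body (p "Authenticated as " ,dn))))]
    [else (response/xexpr #:code 403 #:message #"Forbidden"
                          `(html (body (p "Forbidden"))))]))

(module+ main
  (serve/servlet start
                 #:listen-ip "127.0.0.1" ; never expose this port directly
                 #:port 8000
                 #:servlet-regexp #rx""
                 #:launch-browser? #f))
```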