[racket] openssl - authenticating clients via certificates

Using apache is probably how I will solve this in the short term.

It seems though, if there was some way to determine what public key was
given by the "other" side of an ssl connection, then one could pretty much
implement authentication outside of the ssl layer.

That may not be too much of a stretch as far as modifications to the open
ssl code goes. I'm still playing with the openssl package and learning how
it works.



On Wed, Jan 5, 2011 at 4:12 PM, Neil Van Dyke <neil at neilvandyke.org> wrote:

> Curtis Dutton wrote at 01/05/2011 07:37 AM:
>
>  I am interested in implementing authentication via client browser
>> certificates with a racket webserver.
>>
>
> One way I have seen HTTPS SSL client certificate authentication done for
> Racket (actually, PLT Scheme, a while ago) on the server side is to simply
> use Apache as a front-end Web Server, and have an Apache module do the
> authentication before the connection gets to Racket.  Then your Racket code
> can get from Apache a string of a DN or some other identifying info from the
> valid certificate, which you can use for authorization or possibly
> additional authentication.  I think that will do everything you want,
> including letting you lock out users (based on DN, without having to mess
> with cert revocation lists).
>
> There might also be other reasons to use a front-end HTTPS server in front
> of your Racket Web Server, so perhaps you're already doing this.  If for
> some reason you wanted connections direct to your Racket Web Server, not
> through a front-end like Apache, I don't know whether Racket's SSL support
> currently supports client cert authn on the server side.
>
> --
> http://www.neilvandyke.org/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.racket-lang.org/users/archive/attachments/20110106/fe419645/attachment.html>