[racket] openssl - authenticating clients via certificates

From: Matthias Felleisen (matthias at ccs.neu.edu)
Date: Fri Feb 25 17:36:47 EST 2011

On Feb 25, 2011, at 3:00 PM, Curtis Dutton wrote:

> Ok so I have made some changes to the ssl code and have something working now (openssl collection). OpenSSL supports a "try verify" mode that will still accept an ssl connection even if a client cannot provide a valid certificate. This allows me to support the scenario of a public https usage for anonymous users, and allows my webserver to also verify clients with approved certificates.
> 
> I'd like to solicit any thoughts/advice on my api additions.
> 
> ssl-try-verify! - identical to ssl-set-verify! however it will try to verify if possible but still allow the connection to proceed if verification fails
> ssl-peer-verified? - given an ssl port determines if the remote peer of a specific ssl port was verified
> ssl-peer-subject-name - given an ssl port returns a string that is the full subject name of the certificate issued by the peer or false if the peer is unverified
> ssl-peer-issuer-name - given an ssl port returns a string that is the full certificate name of the certificate issued by the peer or false if the peer is unverified
> 
> I would ultimately like to integrate these changes back into racket. This would be my first time contributing to racket. What is the next step to getting these changes integrated?


Send a GIT patch for a collection and the maintainer will look it over to see whether it is acceptable. -- Matthias
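
A sketch of how a server could use the four additions described in the quoted message, added here as an illustration; it is not code from the thread or from the proposed patch. It assumes the functions behave as described above and as they exist in Racket's `openssl` library; the PEM file names and the helpers `make-context`, `peer-identity`, `handle` and `serve` are hypothetical.

```racket
#lang racket/base
;; Added example: anonymous HTTPS-style access plus optional client-certificate
;; authentication using "try verify" mode.
(require openssl)

;; Hypothetical file names; substitute your own PEM files.
(define server-cert "server-cert.pem")
(define server-key  "server-key.pem")
(define client-ca   "client-ca.pem")   ; CA(s) that issue approved client certs

(define (make-context)
  (define ctx (ssl-make-server-context))
  (ssl-load-certificate-chain! ctx server-cert)
  (ssl-load-private-key! ctx server-key)
  ;; Only certificates chaining to these roots will count as verified.
  (ssl-load-verify-root-certificates! ctx client-ca)
  ;; Request a client certificate, but let the connection proceed
  ;; when the peer has none or verification fails.
  (ssl-try-verify! ctx #t)
  ctx)

;; Returns the peer's subject name, or #f for an unverified peer.
;; In try-verify mode a completed handshake proves nothing about the client,
;; so every privileged code path has to go through a check like this one.
(define (peer-identity in)
  (and (ssl-peer-verified? in)
       (ssl-peer-subject-name in)))

(define (handle in out)
  (define who (peer-identity in))
  (if who
      (fprintf out "authenticated: ~a (issuer: ~a)\n"
               who (ssl-peer-issuer-name in))
      (fprintf out "anonymous: public content only\n"))
  (close-output-port out)
  (close-input-port in))

(define (serve port-no)
  ;; Arguments: port, backlog, reuse?, hostname (#f = any), server context.
  (define listener (ssl-listen port-no 5 #t #f (make-context)))
  (let loop ()
    (define-values (in out) (ssl-accept listener))
    (thread (lambda () (handle in out)))
    (loop)))
```

The subject name identifies a certificate, not a permission: map it to an account or role on the server side before granting access.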




Posted on the users mailing list.