[racket] openssl - authenticating clients via certificates

From: Sam Phillips (samdphillips at gmail.com)
Date: Wed Jan 5 10:47:50 EST 2011

On Wed, Jan 5, 2011 at 4:37 AM, Curtis Dutton <curtdutt at gmail.com> wrote:
> Has anybody figured out a way to do this yet?
>  I am willing to volunteer some effort to help implement. Any pointers on
> where to get started, design considerations, etc... are appreciated if that
> is the case.

I've not done this with the Racket Webserver, but looking at the docs you may
want to look into ssl-set-verify!
(http://docs.racket-lang.org/openssl/index.html#%28def._%28%28lib._openssl/main..rkt%29._ssl-set-verify!%29%29)

Also for rejecting certificates you probably want to use a Certificate
Revocation List (CRL).
You'll probably need to hook into the OpenSSL library with ffi to get
that working.

Cheers,
Sam


Posted on the users mailing list.