SSLProxy - Howto delegate Client Certificate to backend server

on 21.02.2003 07:39:07 by ulrich.lohrmann

Hi all,

I have the following scenario:

Apache webserver 2.0.44 with mod_ssl requires client authentication during
SSL handshake for a particular URL. All further requests coming in over the
established SSL connection are delegated to a backend server. The connection
between the webserver and the backend server is also configured to be a SSL
connection with client authentication, so the webserver has to provide a
client certificate to the backend server.

I'd like to pass the client certificate provided by the end user to the
backend server. Is there a chance to do this with mod_ssl?

Any help and comments appreciated.

Best regards
Ulrich

Deutscher Sparkassen Verlag GmbH

Am Wallgraben 115
70565 Stuttgart
Phone: 0711/782-0
Website: http://www.dsv-gruppe.de

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: SSLProxy - Howto delegate Client Certificate to backend server

on 23.02.2003 17:14:04 by Mads Toftum

On Fri, Feb 21, 2003 at 07:39:07AM +0100, ulrich.lohrmann@dsv-gruppe.de wrote:
> I'd like to pass the client certificate provided by the end user to the
> backend server. Is there a
> chance to do this with mod_ssl?
>
Currently there isn't a solution with mod_ssl. There are, however, a couple
of ways to do this if you don't mind hacking the code. I made a POC module
for Apache 1.3 http://www.toftum.org/www2/apache/ which is just a very
simple example of how this can be done. There has also been sent a patch
to the dev@httpd list recently - they have not been included, but see
http://marc.theaimsgroup.com/?t=104499235500006&r=1&w=2

vh

Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall

Re: SSLProxy - Howto delegate Client Certificate to backend server

on 26.02.2003 04:34:41 by Maik Mueller

Hello ulrich,

Friday, February 21, 2003, 7:39:07 AM, you wrote:

uldgd> I have the following scenario:
uldgd> Apache webserver 2.0.44 with mod_ssl requires client authentication during
uldgd> SSL handshake
uldgd> for a particular URL. All further requests coming in over the established
uldgd> SSL connection are
uldgd> delegated to a backend server. The connection between the webserver and the
uldgd> backend
uldgd> server is also configured to be a SSL connection with client
uldgd> authentication, so the webserver
uldgd> has to provide a client certificate to the backend server.

uldgd> I'd like to pass the client certificate provided by the end user to the
uldgd> backend server. Is there a
uldgd> chance to do this with mod_ssl?

I believe everything you are looking for is in the patch I posted on
Wed, 19 Feb 2003 (RE: Patches and Enhancements for a SSL-Proxy Based
on Apache 2.0 (mod_ssl, mod_proxy, mod_headers)).
If you find my patch useful I would appreciate any help to make it
part of future Apache distributions.

--
Best regards,
Maik mailto:maiklst@hw1464.wdf.sap-ag.de
