cURL / Mailing Lists / curl-library / Single Mail


Re: htts SSLRequire feature

From: Daniel Stenberg <>
Date: Sun, 13 Oct 2002 12:56:44 +0200 (MET DST)

On Sun, 13 Oct 2002, Xavier Jeannin wrote:

> My purpose :

> I want a user (browser) can directly connect in a Web application on a
> server that I contol using only their certificat.

I follow. You want the user to connect to a web app using a certificate.

> Every Web application (like TUTOS) possess a table of account for the
> people that access to this application.

That makes sense.

> So a person has to supply a Login and a password for every Web application
> that she can use.


> As I can verify the certificat of person directly on my Web server and so I
> can authenticate this person. In fact, I try to suppress the login task
> into the Web application for the user.

You mean into *other* web applications?

> I have done a program "logcertif.php" (PHP but It can be in other langage
> if it needs) that simulate the login into the Web application TUTOS.

> This program is in the same directory of the Web application TUTOS on the
> same Web server, so TUTOS and "logcertif.php" are submitted to the same
> verification from the web server.

Ok, so your PHP program and the TUTOS web app are on the same server. I don't
see how that makes a difference though.

> my program :

[ PHP program operating on a HTTPS page cut out ]

> If my apache configuration is :


> it works fine (it was what I called only SSL)
> If my apache configuration is :


> my program 'logcertif.php' does not work, all others programs work fine in
> this case

So, this Apache config sets up a more restrictive access to your web app. And
then your web app using curl stops to work?

Again, I really can't see how this can be curl's fault.

> When you connect to "logcertif.php", apache verify the certificat and run
> logcertificate.php but the connection to
> "" failed.

> SSL said that the expression " m/" is not
> matched.

Aaaah! Well of course. Your program that runs the curl stuff doesn't have/use
the correct/required certificate in order to be allowed to operatate against
the server.

> Can get the information used for the first conection about the certificat
> and send in my program logcertif.php for the second connection ?

I doubt you can do that. It would seem a bit strange that any server could
steal the client's certificates at will.

> In other word, is it possible the certificate follow in the second
> connection ? Do you know if it is possible to do such connection ?

I'm not an SSL guru, but I think you need to find a different way to solve
this problem.

 Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.
This email is sponsored by:ThinkGeek
Welcome to geek heaven.
Received on 2002-10-13