XML-RPC SSL and client side certs?

  • Eli Criffield

    XML-RPC SSL and client side certs?


    Does anyone have an example setup of an XML-RPC server using client side
    certs for authentication?

    And instead of having a list of certs allowed to connect, I'd like to
    allow any cert signed by my CA.

    It doesn't seem like it would be too hard to do and I'll probably spend
    some time setting it up here soon, but would be interested if anyone
    else has already written a solution like this or has used one (in
    Python of course).

    Eli Criffield

  • Jeff McNeil

    #2
    Re: XML-RPC SSL and client side certs?

    I apologize for not giving you a Python specific answer, but for the
    XMLRPC services I've deployed, I front them with Apache and proxy back
    to localhost:8080.

    I do all of the encryption and authentication from within the Apache
    proper and rely on mod_proxy to forward validated requests on. I've
    settled on basic authentication, but I see no reason why you couldn't
    take advantage of mod_ssl.

    Thanks, hope that helps. Just another option, really.

    Jeff




    On 10 Apr 2007 14:43:40 -0700, Eli Criffield <elicriffield@gmail.com> wrote:
    > Does anyone have an example setup of an XML-RPC server using client side
    > certs for authentication?
    >
    > And instead of having a list of certs allowed to connect, I'd like to
    > allow any cert signed by my CA.
    >
    > It doesn't seem like it would be too hard to do and I'll probably spend
    > some time setting it up here soon, but would be interested if anyone
    > else has already written a solution like this or has used one (in
    > Python of course).
    >
    > Eli Criffield

    • Martin v. Löwis

      #3
      Re: XML-RPC SSL and client side certs?

      Jeff McNeil wrote:
      > I apologize for not giving you a Python specific answer, but for the
      > XMLRPC services I've deployed, I front them with Apache and proxy back
      > to localhost:8080.
      >
      > I do all of the encryption and authentication from within the Apache
      > proper and rely on mod_proxy to forward validated requests on. I've
      > settled on basic authentication, but I see no reason why you couldn't
      > take advantage of mod_ssl.

      There is an issue with forwarding SSL connections, of course: it
      is not possible - at least not with the same client identity as
      the original user.

      In turn, it's not easy to forward the identity of the authenticated
      user, either: even though Apache will know who he is, it has no
      way of telling on the forwarded request.

      So you would have to use CGI or mod_python in this case.

      Regards,
      Martin
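
The setup asked about in the first post, as an added example that is not code from any poster in this thread: a Python 3 standard-library XML-RPC server that accepts any client certificate signed by one CA and reads the caller's identity from it. The PEM file names, the port, and the `whoami` and `add` methods are assumptions chosen for illustration.

```python
import ssl
from xmlrpc.server import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler


def subject_cn(peer_cert):
    """Return the subject commonName from an ssl getpeercert() dict, or None."""
    for rdn in (peer_cert or {}).get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def mtls_context(server_cert, server_key, ca_file):
    """TLS server context that rejects any client not signed by ca_file."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(server_cert, server_key)
    ctx.load_verify_locations(cafile=ca_file)  # trust anchor: this CA only
    ctx.verify_mode = ssl.CERT_REQUIRED        # handshake fails without a valid cert
    return ctx


class CertAuthHandler(SimpleXMLRPCRequestHandler):
    def _dispatch(self, method, params):
        # The handshake already proved the cert chains to the CA; the CN is
        # only used to tell callers apart (hypothetical "whoami" method).
        caller = subject_cn(self.connection.getpeercert())
        if method == "whoami":
            return caller
        return self.server._dispatch(method, params)


def make_server(addr, ctx):
    server = SimpleXMLRPCServer(addr, requestHandler=CertAuthHandler,
                                logRequests=False)
    # Wrap the listening socket so every accepted connection is TLS.
    server.socket = ctx.wrap_socket(server.socket, server_side=True)
    server.register_function(lambda a, b: a + b, "add")
    return server


if __name__ == "__main__":
    # File names are placeholders for your own PEM files (assumption).
    ctx = mtls_context("server.pem", "server.key", "ca.pem")
    make_server(("127.0.0.1", 8443), ctx).serve_forever()
```

Trusting every certificate the CA has signed also means a revoked certificate is accepted unless a CRL is loaded into the context and `ssl.VERIFY_CRL_CHECK_LEAF` is set in `ctx.verify_flags`.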
