
Re: [sympa-users] problem authentication with certificates

Subject: The mailing list for listmasters using Sympa

  • From: Riccardo Veraldi <address@concealed>
  • To: address@concealed
  • Cc: address@concealed
  • Subject: Re: [sympa-users] problem authentication with certificates
  • Date: Fri, 29 Sep 2006 15:24:52 +0200


Seems the variables are ok but SSL_CLIENT_S_EMAIL is not present...

Rick

SSL_CLIENT_A_KEY="rsaEncryption"
SSL_CLIENT_A_SIG="sha1WithRSAEncryption"
SSL_CLIENT_I_DN="/C=IT/O=INFN/CN=INFN Certification Authority"
SSL_CLIENT_I_DN_C="IT"
SSL_CLIENT_I_DN_CN="INFN Certification Authority"
SSL_CLIENT_I_DN_O="INFN"
SSL_CLIENT_M_SERIAL="0E96"
SSL_CLIENT_M_VERSION="3"
SSL_CLIENT_S_DN="/C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Riccardo Veraldi"
SSL_CLIENT_S_DN_C="IT"
SSL_CLIENT_S_DN_CN="Riccardo Veraldi"
SSL_CLIENT_S_DN_L="CNAF"
SSL_CLIENT_S_DN_O="INFN"
SSL_CLIENT_S_DN_OU="Personal Certificate"
SSL_CLIENT_VERIFY="SUCCESS"
SSL_CLIENT_V_END="Oct 27 13:08:35 2006 GMT"
SSL_CLIENT_V_REMAIN="28"
SSL_CLIENT_V_START="Oct 27 13:08:35 2005 GMT"




address@concealed wrote:
Riccardo Veraldi wrote:

Hello,
I am not able to do an authentication with certificates.
I installed certificate on the sympa server, and also the CA certificate.
I have a personal certificate released by the same CA.

in the ssl configuration I put

ScriptAlias /sympa  /usr/local/sympa/cgi-bin/wwsympa-wrapper

<Location /sympa>
  SSLOptions +StdEnvVars
  SetHandler fastcgi-script
</Location>

The browser asks me for the password when I connect through https,
but then the normal login page is displayed and I am not authenticated.

From the log files I have seen nothing strange...
Does anyone have any hints?

Does the certificate include an email?
You should install a CGI that shows your certificate attributes as they are computed by mod_ssl (see the end of this mail; I added some Perl that does it).

SSL_CLIENT_S_EMAIL or SSL_CLIENT_S_DN_Email must be present. I searched the code in the wwsympa source and I see that SubjectAlternativeName (SSL_CLIENT_S_EMAIL) needs a patch to mod_ssl (this was a comment from address@concealed).

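#!/usr/bin/perl
# Print every CGI environment variable (including the SSL_CLIENT_*
# values set by mod_ssl) as KEY="value", one per line.
use strict;
use warnings;

print "Content-type: text/plain\n\n";
foreach my $var (sort keys %ENV) {
    my $val = $ENV{$var};
    $val =~ s|\n|\\n|g;    # keep each value on one line
    $val =~ s|"|\\"|g;     # escape embedded double quotes
    print "${var}=\"${val}\"\n";
}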

Serge Aumont
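
A checker for the output of the CGI above, as an added example (not code from this thread or from Sympa): it parses the KEY="value" dump and reports whether the client certificate was verified and whether either e-mail variable named in the reply is set. The function names and the DN component names `emailAddress`/`Email` are assumptions; the sample is a subset of the dump posted in this thread.

```python
import re

# Variables the reply in this thread says must be present.
EMAIL_VARS = ("SSL_CLIENT_S_EMAIL", "SSL_CLIENT_S_DN_Email")

# Subset of the dump posted in this thread.
SAMPLE = r'''SSL_CLIENT_S_DN="/C=IT/O=INFN/OU=Personal Certificate/L=CNAF/CN=Riccardo Veraldi"
SSL_CLIENT_S_DN_CN="Riccardo Veraldi"
SSL_CLIENT_VERIFY="SUCCESS"
SSL_CLIENT_V_REMAIN="28"
'''

def parse_dump(text):
    """Parse KEY="value" lines as printed by the Perl CGI in this thread."""
    env = {}
    for line in text.splitlines():
        m = re.fullmatch(r'\s*(\w+)="(.*)"\s*', line)
        if m:
            # Undo the CGI's escaping of double quotes and newlines.
            env[m.group(1)] = m.group(2).replace('\\"', '"').replace("\\n", "\n")
    return env

def dn_email(dn):
    """Assumption: an address embedded in the subject DN appears as an
    emailAddress= or Email= component of the slash-separated string."""
    for part in dn.split("/"):
        key, _, val = part.partition("=")
        if key.lower() in ("emailaddress", "email") and val:
            return val
    return None

def check(env):
    """Return (ok, findings) for the certificate-login prerequisites."""
    findings = []
    status = env.get("SSL_CLIENT_VERIFY")
    if status != "SUCCESS":
        findings.append("client certificate not verified: SSL_CLIENT_VERIFY=%r" % status)
    if not any(env.get(v) for v in EMAIL_VARS):
        findings.append("neither SSL_CLIENT_S_EMAIL nor SSL_CLIENT_S_DN_Email is set")
        if dn_email(env.get("SSL_CLIENT_S_DN", "")):
            findings.append("subject DN carries an address, but no variable exposes it")
    return (not findings, findings)

if __name__ == "__main__":
    ok, findings = check(parse_dump(SAMPLE))
    print("OK" if ok else "NOT READY")
    for finding in findings:
        print(" -", finding)
```

Run it against the saved output of the CGI; on the dump posted here it reports the missing e-mail variables while the certificate verification itself succeeds.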



