Re: ssl client certificates

From: Vic Bancroft <bancroft@america.net>
Date: Sun, 27 Feb 2005 21:50:04 -0500
Message-ID: <422286DC.6080509@america.net>
To: Andrew Steets <steets@gmail.com>
CC: www-lib@w3.org

Andrew Steets wrote:

>here is a preliminary patch against TOT which includes the patch
>I sent out earlier this evening and now has basic support for client
>side certs.

For convenience, I went ahead and checked them in as,

    Checking in configure.ac;
    /sources/public/libwww/configure.ac,v  <--  configure.ac
    new revision: 1.3; previous revision: 1.2
    Checking in Library/src/SSL/HTSSL.c;
    /sources/public/libwww/Library/src/SSL/HTSSL.c,v  <--  HTSSL.c
    new revision: 1.8; previous revision: 1.7
    Checking in Library/src/SSL/windows/wwwssl.def;
    /sources/public/libwww/Library/src/SSL/windows/wwwssl.def,v  <-- 
    new revision: 1.4; previous revision: 1.3
    Checking in Robot/src/HTRobMan.html;
    /sources/public/libwww/Robot/src/HTRobMan.html,v  <--  HTRobMan.html
    new revision: 1.10; previous revision: 1.9
    Checking in Robot/src/Makefile.am;
    /sources/public/libwww/Robot/src/Makefile.am,v  <--  Makefile.am
    new revision: 1.33; previous revision: 1.32
    Checking in Robot/src/RobotMain.c;
    /sources/public/libwww/Robot/src/RobotMain.c,v  <--  RobotMain.c
    new revision: 1.14; previous revision: 1.13

>The webbot now has options

Hurrms, I wonder how many options webbot is missing compared to wget . . .

>-verifydepth <n>
>-sslprot <v1 | v2 |  v23>
>-keyfile <private key filename>
>-certfile <public cert filename>

Looking at the options available from the openssl tools, for example
We add some aliases to match option syntax, we might also want to
consider an appropriate set of defaults, given the way popular
distributions organize the certs.

>you can robot all over a server that requires client side certs provided you have the right key/cert files and some knowledge of openssl (to convert your stuff to PEM format if needed).

Even though some howto action would turn into an openssl + apache +
libwww, it might be nice to construct something like the stunnel example,
Perhaps we can dig some session scrapings from our shell history.

>Let me know what you think.

Great work, look forward to the refinements !


Received on Monday, 28 February 2005 03:10:55 UTC