Is SSLProxyMachineCertificateFile read in at start or usage?

 
nielsen.sebastian

(Msg. 1) Posted: Wed Apr 11, 2007 2:22 am
Archived from groups: alt>apache>configuration (more info?)

(I have sent a copy to the users.DeleteThis@httpd.apache.org mailing list, but
have not got any reply)

- I'm using Apache 2.2.4 with mod_so compiled in -

When is the file specified in SSLProxyMachineCertificateFile
being read in? At apache start, or when it needs a certificate in that
file?

The reason I'm asking this is that I'm setting up an Apache SSL
proxy, to be able to virus
scan SSL traffic.

But some bank sites require client validation, so I have decided to
make use of templates so the
user is presented with a link to a CGI upload page when the user
visits a page for which Apache doesn't
have a client certificate. (In other words, when authentication to a
site fails.)

Then this CGI script will load in the SSLProxyMachineCertificateFile
PEM file, PEM-encode all uploaded certificates, add them
to the PEM file, and then write that file directly to
the file specified in SSLProxyMachineCertificateFile.

And here arises the problem... Is the SSLProxyMachineCertificateFile
file read in at start, or at
each request that requires an SSL client certificate?
(If the file is loaded at startup, any changes to that file will not
have any effect until the next restart.)

And if that file is being read in at certain events, is it then
possible to force a reload of the
SSLProxyMachineCertificateFile file by sending some signal to Apache,
without restarting Apache?

nielsen.sebastian

(Msg. 2) Posted: Wed Apr 11, 2007 3:50 am

No, I'm not allowing them to change the CONFIGURATION...
It's the PEM files that the configuration refers to that the user will
be able to append to, but not delete, change or read.

The user will be able to append her own client certificate.

The CGI will simply contain a list of CNs and validity dates of the
certificates currently in the system, and then contain a file upload
box and a box for entering the private key password.

The user will simply select his/her certificate from his/her system,
enter the private key password in the box, and then the CGI will
decrypt his client certificate and append it in the PEM file specified
by SSLProxyMachineCertificateFile, or in the path specified by
SSLProxyMachineCertificatePath .

But SSLProxyMachineCertificatePath (not the
SSLProxyMachineCertificateFile): are certificates in that folder read
in when a certificate from that path is required, or is this path
read in and cached at startup like the
SSLProxyMachineCertificateFile?

Or is there any way to force Apache to reload the
SSLProxyMachineCertificateFile/SSLProxyMachineCertificatePath without
restarting Apache? (I mean, I don't want all new connections and
current connections to fail when a user uploads a client certificate;
even if I reload Apache gracefully, when it restarts, new connections
will fail for a little while.)

nielsen.sebastian

(Msg. 3) Posted: Wed Apr 11, 2007 4:51 am

Of course it will check the format of the file, check that the file
contains one (1) private key, and that the file contains one (1)
certificate.
It will then check if the private key is encrypted; if that's true, it
will try to decrypt it using the user's password.

The file upload will accept all widely available certificate formats,
but to prevent corruption and hacking/injection, it will read out
every attribute of the certificate using a certificate parser module,
and then write them to a new variable.

If the certificate is undamaged, the signature will verify successfully
using the public key of the CA certificate, else it will fail
verification, and the certificate will not be written to the PEM file.


---------------------

Is SSLProxyMachineCertificatePath (note that the directive ends in
Path, not File that I asked about earlier) read in at startup or
when it needs a certificate from that folder?
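The structural upload checks described in Msg. 3 (exactly one certificate, exactly one unencrypted private key, content re-written from decoded bytes rather than copied through), as an added example that is not part of the original thread. It is standard-library Python with hypothetical function names, and it assumes password decryption and the CA signature check are done separately with a crypto library.

```python
import base64
import re

# One PEM block: BEGIN line, body, END line with the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}

def encode(label, der):
    """Write a fresh PEM block from decoded bytes, 64 characters per line."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (
        label, "\n".join(lines), label)

def normalise_upload(text):
    """Return a re-encoded bundle with exactly one certificate and one
    unencrypted private key; raise ValueError for anything else."""
    # Text outside recognised blocks is rejected, never copied through.
    if PEM_BLOCK.sub("", text).strip():
        raise ValueError("unexpected data outside PEM blocks")
    certs, keys = [], []
    for label, body in PEM_BLOCK.findall(text):
        if "ENCRYPTED" in label or "Proc-Type:" in body:
            raise ValueError("private key is still encrypted")
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError as exc:  # binascii.Error is a ValueError
            raise ValueError("invalid base64 in " + label) from exc
        if der[:1] != b"\x30":  # DER certificates and keys are SEQUENCEs
            raise ValueError(label + " is not a DER SEQUENCE")
        if label == "CERTIFICATE":
            certs.append(der)
        elif label in KEY_LABELS:
            keys.append((label, der))
        else:
            raise ValueError("unsupported block type: " + label)
    if len(certs) != 1 or len(keys) != 1:
        raise ValueError("need exactly one certificate and one private key")
    return encode("CERTIFICATE", certs[0]) + encode(*keys[0])

# Constructed sample: a 5-byte stand-in DER value, not a real credential.
FAKE_DER = b"\x30\x03\x02\x01\x01"
GOOD = encode("CERTIFICATE", FAKE_DER) + encode("PRIVATE KEY", FAKE_DER)
BAD = GOOD + "SSLProxyEngine off\n"  # trailing non-PEM text
```

Only the string returned by `normalise_upload` would be appended to the PEM file; the raw upload is never written.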
davideyeahsure

(Msg. 4) Posted: Wed Apr 11, 2007 5:56 am
davideyeahsure

(Msg. 5) Posted: Wed Apr 11, 2007 6:57 am
davideyeahsure

(Msg. 6) Posted: Wed Apr 11, 2007 9:00 am